一种基于聚类的无监督异常检测方法

计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (1): 138-141.

一种基于聚类的无监督异常检测方法

杨斌,刘卫国

中南大学信息科学与工程学院，长沙 410083

收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-01-01 发布日期:2008-01-01
通讯作者: 杨斌

Clustering-based unsupervised anomaly detection method

YANG Bin,LIU Wei-guo

College of Information Science & Engineering，Central South University，Changsha 410083，China

Received:1900-01-01 Revised:1900-01-01 Online:2008-01-01 Published:2008-01-01
Contact: YANG Bin

摘要/Abstract

摘要： 为了解决无监督异常检测方法无法检测突发性的大规模攻击的问题，提出了一种基于聚类的无监督异常检测模型，该模型从多个聚类器中选取DB指数最小的分簇结果，并利用最小簇内距离、最大簇内距离对每个簇进行分类，从而识别出攻击。实验表明该模型明显提高了检测率、降低了误报率。

关键词: 无监督异常检测, K均值算法, DB指数, 簇内距离

Abstract: Unsupervised anomaly detection can’t detect a massive attack in bursts.In order to solve this problem，this paper proposes a unsupervised anomaly detection model based on clustering.It chooses clustering result from multi-clusters which has the minimum DB index，applies minimum intra-cluster distance and maximum intra-cluster distance to classify every cluster，then identifies attacks.Experimental results show that the proposed strategy can improve obviously detection rate and decrease false positive rate.

Key words: unsupervised anomaly detection, K-means algorithm, Davies-Bouldin index, intra-cluster distance

杨斌,刘卫国. 一种基于聚类的无监督异常检测方法[J]. 计算机工程与应用, 2008, 44(1): 138-141.

YANG Bin,LIU Wei-guo. Clustering-based unsupervised anomaly detection method[J]. Computer Engineering and Applications, 2008, 44(1): 138-141.