Abstract: The curse of dimensionality would arise when high dimensional network connection records are directly processed. So it is usually required to reduce dimensionality of the records. Non-negative matrix factorization not only can reduce dimensionality, but also makes all elements in the factor matrices non-negative, which corresponds to the semantic feature of the network connection records. After high dimensional network connection records are projected into low dimensional visual space by non-negative matrix factorization, network connection records are represented as scatter dots in low dimensional space. The class to which the record belongs is determined by observing the location of the scatter dot, and intrusion detection is visualized. Experiments demonstrate the effectiveness of this intrusion detection method.

Key words: intrusion detection, non-negative matrix factorization, visualization

摘要： 直接对高维网络连接数据进行处理会出现维数灾难问题，因此，需要对其进行维数约简。非负矩阵分解不仅能对高维数据进行降维，而且使矩阵在分解后的所有分量均为非负值，符合网络连接数据的语义特征。将其应用到入侵检测中，把高维数据投影到低维可视空间上，用散点来表示网络连接记录，通过观察散点所处位置来判断其所属类别，实现入侵检测的可视化。实验验证了这种入侵检测方法的有效性。

关键词: 入侵检测, 非负矩阵分解, 可视化