Abstract
As intrusion techniques continue to evolve, traditional intrusion detection methods suffer from declining accuracy and longer detection times, and can no longer meet the requirements of network defense. To address this, an improved K-means data clustering algorithm is proposed to cope with escalating network intrusion behavior. First, firewall logs are converted into numerical values; then particle swarm optimization is used to obtain the optimal initial cluster centers, which is the improvement made to the K-means data clustering algorithm; finally, the calculated feature values are taken as input to achieve accurate detection of network intrusion behavior. The results show that the Davies-Bouldin index of the improved K-means algorithm is smaller than that of the algorithm before improvement, below 0.6 in all cases, which achieves the purpose of the improvement. The accuracy of the improved K-means algorithm is above 90% for every sample, which is comparatively higher, and its detection time is below 10 s in all cases, which is comparatively shorter, indicating that the method can complete more accurate network intrusion detection with high efficiency.
Author
黄俊萍
HUANG Junping (Information Management College, Minnan University of Science and Technology, Shishi 362700, China)
Source
《成都工业学院学报》
2024, No. 2, pp. 58-62, 97 (6 pages in total)
Journal of Chengdu Technological University
Keywords
improved K-means data clustering algorithm
firewall logs
intrusion detection features
particle swarm optimization algorithm
network intrusion detection