Abstract
To overcome the fuzzy k-means algorithm's sensitivity to initialization and its tendency to become trapped in local optima, an unsupervised fuzzy clustering method for anomaly intrusion detection based on the clonal selection algorithm (CSA) is proposed. A clonal operator that combines the characteristics of evolutionary search, global search, stochastic search and local search quickly obtains the globally optimal clustering, and a fuzzy detection algorithm is applied to detect abnormal behavior patterns in the network. The advantage of the method is that it does not require manually labeled training data sets and can detect unknown attacks. Simulation experiments show that the method not only detects unknown attacks but also has a relatively low false positive rate and a relatively high detection rate.
Source
Journal of Beijing University of Posts and Telecommunications (《北京邮电大学学报》)
EI
CAS
CSCD
Peking University Core Journal
2005, Issue 4, pp. 103-106 (4 pages)
Funding
National Natural Science Foundation of China (90304004)
Keywords
anomaly detection
fuzzy clustering
clonal selection algorithm
unsupervised fuzzy k-means algorithm