Abstract
In intrusion detection, unknown intrusions are detected mainly by anomaly detection. Traditional anomaly detection methods need to construct a reference model of the normal-behavior profile, but building that profile imposes a very large overhead on the system. To address this, the paper proposes a clustering algorithm for network intrusion detection. Its advantage is that the training set does not need to be labeled by hand or by any other method. During detection, the model is updated as useful information accumulates, so the new model obtained after incremental clustering has much better detection performance than the original model.
Source
Journal of Harbin University of Science and Technology (《哈尔滨理工大学学报》)
CAS
2007, No. 1, pp. 39-42, 46 (5 pages in total)
Funding
Supported by the Natural Science Foundation of Heilongjiang Province (F0306)
Keywords
intrusion detection
unsupervised anomaly detection
clustering