Abstract
A method for aggregating Intrusion Detection System (IDS) alerts based on a genetic clustering algorithm is proposed. The dissimilarity between corresponding attributes of two alerts is mapped onto the interval [0.0, 1.0], and the dissimilarity between every pair of alerts is recorded in a dissimilarity matrix. A genetic algorithm, exploiting its adaptive optimization property, selects good clustering centers, and similar alerts are grouped into clusters according to the dissimilarity matrix. Within each resulting cluster, the alerts are then aggregated with an agglomerative hierarchical method. Experimental results show that the method effectively reduces repeated alerts.
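As an added illustration (not code from the paper), the Python below sketches the two stages of the abstract's pipeline that do not depend on the genetic algorithm: mapping per-attribute dissimilarities of constructed IDS alerts onto [0.0, 1.0], building the dissimilarity matrix, and agglomeratively merging alerts whose dissimilarity stays under a threshold. The attribute set, the weights, the 60-second time scale and the sample alerts are assumptions; selection of cluster centers by the genetic algorithm is out of scope here, so the whole sample is treated as one cluster.

```python
"""Dissimilarity matrix and agglomerative aggregation of IDS alerts (added example)."""

# Constructed sample alerts; field names and values are assumptions, not the paper's data.
ALERTS = [
    {"sig": "SCAN", "src": "10.0.0.5", "dst": "192.168.1.10", "dport": 22, "ts": 0},
    {"sig": "SCAN", "src": "10.0.0.5", "dst": "192.168.1.10", "dport": 22, "ts": 5},
    {"sig": "SCAN", "src": "10.0.0.5", "dst": "192.168.1.11", "dport": 22, "ts": 8},
    {"sig": "SQLI", "src": "10.0.9.77", "dst": "192.168.1.20", "dport": 80, "ts": 300},
]

TIME_WINDOW = 60.0  # assumed scale: a gap of >= 60 s counts as fully dissimilar
WEIGHTS = {"sig": 0.4, "src": 0.2, "dst": 0.2, "dport": 0.1, "ts": 0.1}  # assumed, sums to 1


def ip_dissim(a, b):
    """Fraction of the four octets not shared as a common prefix: 0.0 identical, 1.0 disjoint."""
    common = 0
    for x, y in zip(a.split("."), b.split(".")):
        if x != y:
            break
        common += 1
    return 1.0 - common / 4


def alert_dissim(a, b):
    """Weighted per-attribute dissimilarity of two alerts, guaranteed to lie in [0.0, 1.0]."""
    d = {
        "sig": 0.0 if a["sig"] == b["sig"] else 1.0,
        "src": ip_dissim(a["src"], b["src"]),
        "dst": ip_dissim(a["dst"], b["dst"]),
        "dport": 0.0 if a["dport"] == b["dport"] else 1.0,
        "ts": min(1.0, abs(a["ts"] - b["ts"]) / TIME_WINDOW),
    }
    return sum(WEIGHTS[k] * d[k] for k in WEIGHTS)


def dissim_matrix(alerts):
    """Symmetric n x n matrix D with D[i][j] = dissimilarity of alerts i and j."""
    n = len(alerts)
    return [[alert_dissim(alerts[i], alerts[j]) for j in range(n)] for i in range(n)]


def aggregate(alerts, threshold):
    """Complete-linkage agglomeration: merge the closest two groups while their linkage
    stays <= threshold. Returns lists of alert indices; each list is one aggregated alert."""
    D = dissim_matrix(alerts)
    groups = [[i] for i in range(len(alerts))]
    while True:
        best = None
        for gi in range(len(groups)):
            for gj in range(gi + 1, len(groups)):
                link = max(D[a][b] for a in groups[gi] for b in groups[gj])
                if link <= threshold and (best is None or link < best[0]):
                    best = (link, gi, gj)
        if best is None:
            return groups
        _, gi, gj = best
        groups[gi] += groups.pop(gj)
```

With the sample above and a threshold of 0.1, the three SCAN alerts collapse into one aggregated alert while the SQLI alert stays separate.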
Source
《计算机应用》 (Journal of Computer Applications)
CSCD
Peking University Core Journal
2008, No. 4, pp. 896-898, 905 (4 pages)
Funding
National 973 Program pre-research special project (2007CB316505)
National 973 Program general project (2006CB303006)
Jiangxi Normal University doctoral fund project
Keywords
alert
aggregation
dissimilarity matrix
genetic clustering algorithm