Abstract
Experiments with the traditional FCM (Fuzzy C-Means) algorithm on the KDDCup99 network intrusion detection data show that the algorithm partitions the data coarsely when forming clusters and judging outliers. To address this problem, the paper proposes an FCM method based on binning statistics to partition and describe the distribution of the data set. Compared with the original algorithm, it does not need to update the cluster centers frequently, and its running time is also considerably improved. Finally, the paper combines feature matching with the binning-based FCM algorithm to analyze network connection records cooperatively. Experimental results show that this cooperative detection method has a markedly higher detection rate and good real-time performance, can discover new attack types well, and makes it easy to update the detection knowledge base.
Source
Computer Science (《计算机科学》)
CSCD
PKU Core Journal (北大核心)
2008, No. 4, pp. 36-39 (4 pages)
Funding
Jiangsu Province Industrial Technology Research and Development Fund, document no. 苏发改高技发[2006]1106号
Keywords
FCM algorithm, statistical binning, feature matching, cooperative detection