Abstract
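The key to using clustering or classification techniques for intrusion detection is how similarity is defined, and existing similarity measures perform poorly on categorical attributes. Accordingly, the paper uses the random forest algorithm to compute the similarity between elements and then, on the basis of that similarity, uses the KNN (k Nearest Neighbor) algorithm to classify the data under test and determine whether an intrusion has occurred. Compared with commonly used classification schemes, the classification results improve markedly.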
The key to using clustering or classification for intrusion detection is how to define similarity. Existing methods for computing similarity are not ideal when dealing with categorical attributes. This paper proposes a new method to compute similarity for the task of classifying data as intrusion or not. Testing the algorithm on the KDD'99 dataset indicates that it clearly improves classification performance.
Source
《信息安全与通信保密》
2009, Issue 8, pp. 70-71, 73 (3 pages in total)
Information Security and Communications Privacy
Keywords
Intrusion Detection
Random Forest
Similarity