Abstract
To address network intrusions observed in coal-mine safety production information systems, a fast clustering intrusion detection algorithm for mixed data based on known samples (FCABFS) is proposed as a network anomaly detection technique. FCABFS obtains accurate initial cluster centres by training on the known samples, and computes cluster centres and dissimilarity with an object-separation method, which lets it handle records whose attributes are both continuous and discrete. This resolves the high false-positive rate and low detection rate that traditional clustering methods show in network anomaly detection, which stem from choosing initial cluster centres at random and from being able to compute only a single attribute type (continuous or discrete). Experiments show that, compared with a traditional clustering algorithm, the detection rate is improved by 30% and the false-positive rate reduced by 25%; the algorithm can also detect new types of attack.
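The two ideas the abstract relies on, initial centres seeded from labelled samples instead of random picks and a dissimilarity that scores continuous and discrete attributes separately, are shown in the following added example. This is illustrative k-prototypes-style code written for this page, not the paper's FCABFS implementation; the feature names, the GAMMA weight, the NOVELTY_FACTOR threshold, the scaling scheme and every record are constructed assumptions.

```python
"""Added example: k-prototypes-style anomaly detection on mixed network records.

Not the FCABFS code from the paper. Feature names, GAMMA, NOVELTY_FACTOR and all
records below are constructed assumptions of this example.
"""
from collections import Counter
from statistics import mean

NUMERIC = ("duration", "src_bytes", "count")   # continuous attributes (assumed)
CATEGORICAL = ("protocol", "service", "flag")  # discrete attributes (assumed)
GAMMA = 1.0           # cost of one categorical mismatch (assumed)
NOVELTY_FACTOR = 2.0  # "novel" if beyond 2x the nearest cluster's training radius (assumed)


def rec(duration, src_bytes, count, protocol, service, flag):
    return dict(duration=duration, src_bytes=src_bytes, count=count,
                protocol=protocol, service=service, flag=flag)

# Constructed known samples, (record, label); the labels seed the initial centres.
KNOWN = [
    (rec(1.0, 300, 2, "tcp", "http", "SF"), "normal"),
    (rec(2.0, 500, 3, "tcp", "http", "SF"), "normal"),
    (rec(1.5, 400, 2, "tcp", "smtp", "SF"), "normal"),
    (rec(0.0, 0, 500, "tcp", "private", "S0"), "dos"),
    (rec(0.0, 0, 480, "tcp", "private", "S0"), "dos"),
    (rec(0.0, 0, 510, "tcp", "http", "S0"), "dos"),
    (rec(0.0, 20, 100, "icmp", "ecr_i", "SF"), "probe"),
    (rec(0.0, 20, 120, "icmp", "ecr_i", "SF"), "probe"),
    (rec(0.0, 30, 90, "icmp", "eco_i", "SF"), "probe"),
]
# Constructed unlabelled traffic, clustered together with the known samples.
UNLABELLED = [
    rec(1.8, 450, 3, "tcp", "http", "SF"),
    rec(0.0, 0, 490, "tcp", "private", "S0"),
]


def fit_scaler(records):
    """Per-attribute maxima, used to scale non-negative numeric features into [0, 1]."""
    return {a: (max(r[a] for r in records) or 1.0) for a in NUMERIC}


def scale(record, scaler):
    return {**record, **{a: record[a] / scaler[a] for a in NUMERIC}}


def dissimilarity(x, centre):
    """Euclidean distance on the numeric part plus GAMMA per categorical mismatch."""
    numeric = sum((x[a] - centre[a]) ** 2 for a in NUMERIC) ** 0.5
    mismatches = sum(1 for a in CATEGORICAL if x[a] != centre[a])
    return numeric + GAMMA * mismatches


def make_centre(members):
    """Prototype of a cluster: mean of numeric attributes, mode of categorical ones."""
    centre = {a: mean(m[a] for m in members) for a in NUMERIC}
    centre.update({a: Counter(m[a] for m in members).most_common(1)[0][0]
                   for a in CATEGORICAL})
    return centre


def initial_centres(known):
    """One centre per known class, built from the labelled samples (not random)."""
    by_label = {}
    for record, label in known:
        by_label.setdefault(label, []).append(record)
    return {label: make_centre(members) for label, members in by_label.items()}


def assign(records, centres):
    groups = {label: [] for label in centres}
    for r in records:
        groups[min(centres, key=lambda l: dissimilarity(r, centres[l]))].append(r)
    return groups


def kprototypes(records, centres, max_iter=20):
    """Lloyd-style refinement; returns the final centres and each cluster's radius."""
    for _ in range(max_iter):
        groups = assign(records, centres)
        updated = {l: make_centre(g) if g else centres[l] for l, g in groups.items()}
        if updated == centres:
            break
        centres = updated
    groups = assign(records, centres)
    radius = {l: max((dissimilarity(r, centres[l]) for r in groups[l]), default=0.0)
              for l in centres}
    return centres, radius


class Detector:
    def __init__(self, known, unlabelled=()):
        training = [r for r, _ in known] + list(unlabelled)
        self.scaler = fit_scaler(training)
        seeds = initial_centres([(scale(r, self.scaler), l) for r, l in known])
        self.centres, self.radius = kprototypes(
            [scale(r, self.scaler) for r in training], seeds)

    def classify(self, record):
        """Label of the nearest centre, or 'novel' if the record lies outside its radius."""
        x = scale(record, self.scaler)
        label = min(self.centres, key=lambda l: dissimilarity(x, self.centres[l]))
        if dissimilarity(x, self.centres[label]) > NOVELTY_FACTOR * self.radius[label]:
            return "novel"  # explained by no known cluster: candidate new attack type
        return label


if __name__ == "__main__":
    det = Detector(KNOWN, UNLABELLED)
    for r in (rec(1.2, 350, 2, "tcp", "http", "SF"),
              rec(0.0, 0, 495, "tcp", "private", "S0"),
              rec(0.5, 5000, 1, "udp", "dns", "SF")):
        print(det.classify(r))
```

Two points worth noting when adapting this. GAMMA sets how much one categorical mismatch is worth relative to the scaled numeric distance, so it decides whether an unseen protocol/service combination alone can push a record out of its cluster; and the min-max scaler is fitted on training maxima only, so a feature far above anything seen in training (the third record above) produces a large numeric distance and lands in the "novel" bucket rather than being silently absorbed by the nearest known cluster.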
Source
Journal of China Coal Society (《煤炭学报》), 2009, No. 12, pp. 1707-1712 (6 pages)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
Funding
National High Technology Research and Development Program of China (863 Program), grant 2005AA133070