Abstract
Network anomaly detection has been an active research topic in the field of intrusion detection for many years. However, it has not been widely applied in practice because of problems such as a high false alarm rate. This paper proposes a new anomaly detection algorithm based on the centroidal Voronoi diagram. The algorithm first uses the centroidal Voronoi diagram to cluster the sample data, then computes the point density of each sample point from the clustering results and uses that density to decide whether the sample is anomalous. Finally, experiments on the well-known KDD Cup 1999 dataset show that the new algorithm achieves a low false positive rate while maintaining a good detection rate.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journals (北大核心)
2010, Issue 1, pp. 178-180, 185 (4 pages)
Funding
National 863 Program project (2006AA01Z2227)
Keywords
clustering
intrusion detection
false detection rate
detection rate
Receiver Operating Characteristic (ROC)