摘要
入侵检测通过收集各种网络数据,从中分析和发现可能的入侵攻击行为。聚类算法是一种无监督分类方法,能够很好地用于入侵检测。提出一种基于聚类分析和时间序列模型的异常入侵检测方法,该方法不需要手动标示的训练数据集就可以探测到很多不同类型的入侵行为。实验结果表明,该方法用于入侵检测具有较高的检测率和较低的误报率。
Intrusion detection system can discover potential intrusion behavior by collecting and analyzing various network data.Clustering algorithm is an unsupervised machine learning method well applied in intrusion detection.In this paper,an algorithm of intrusion detection was explored based on clustering analysis and time-based sequence analysis.It is able to detect many different types of intrusion without manually classified data for training.The experimental results show that the algorithm is feasible and effective.It has higher detection rate and a lower false positive rate.
出处
《计算机应用》
CSCD
北大核心
2010年第3期699-701,714,共4页
journal of Computer Applications
基金
广东省自然科学基金资助项目(06021484)
广东省科技计划项目(2008A060201011)
关键词
入侵检测
数据挖掘
聚类
时间序列
intrusion detection
data mining
clustering
time-based sequence
