Abstract
As the Internet reaches every corner of the world, computers are exposed to all kinds of malicious attacks launched over it, and an effective intrusion detection system is needed to protect them. Existing signature-based detection methods depend heavily on labelled training data and are helpless against novel attacks. Clustering-based detection methods can overcome this weakness, but their time cost is too high, which delays the network administrator's response. This paper presents a new Fast Adaptive Cluster Algorithm (FACA) with time complexity O(mn), where n is the number of data points and m is the number of sampling rounds, with m far smaller than n; traditional clustering methods have time complexity O(n^2). The method is evaluated on the KDD CUP99 experimental data, and the results show that, compared with traditional clustering methods, FACA significantly improves detection efficiency.
Aim. The introduction of the full paper reviews some papers in the open literature and then proposes a FACA-based anomaly detection method, which we believe is relatively more effective against the intrusions from the World Wide Web than the existing anomaly detection methods. Section 1 explains our new method; its core consists of: (1) we cluster the network behavior sets in accordance with the distance between network behavior objects with the FACA, whose flow chart is given as the block diagram in Fig. 1; (2) we reduce the occasions generated by selecting two initial clustering centers, thus enhancing the clustering stability of the FACA, decreasing its time cost and guaranteeing its efficiency; (3) we optimize the FACA by computing only the changes in the neighborhood clustering, thus reducing its computation load greatly. To verify the effectiveness of our FACA-based anomaly detection method, section 2 reports experiments on the network records from the KDD CUP99 data set; the experimental results, given in Tables 1 and 2 and Fig. 2, and their analysis show preliminarily that our FACA-based anomaly detection method can indeed effectively detect intrusions and is more efficient than the K-NN clustering algorithm and the K-means clustering algorithm.
Source
《西北工业大学学报》
EI
CAS
CSCD
Peking University Core Journal
2011, Issue 3, pp. 424-428 (5 pages)
Journal of Northwestern Polytechnical University
Funding
Supported by the Ministry of Education New Teacher Fund for Doctoral Programs (20070699011)
Keywords
anomaly detection
clustering algorithm
data security
WWW
algorithms, security of data, World Wide Web, anomaly detection, clustering algorithm