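Abstract
With the rapid development of Ethernet, network-based attack methods are multiplying, and traditional intrusion detection systems find it increasingly hard to cope. Data mining techniques are introduced into the intrusion detection system to analyze the potential attack information in the various behavior records on the network and automatically identify network intrusion patterns, thereby improving the system's detection efficiency. The K-MEANS and DBSCAN algorithms are combined and applied to the intrusion detection system, and several shortcomings of K-MEANS are addressed: information entropy theory is used to solve the problem of selecting the initial cluster centers for K-MEANS, and its classification results are then used to refine the setting of the two key DBSCAN parameters (Eps, Minpts). DBSCAN then further analyzes the suspicious anomalous clusters, improving clustering accuracy.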
With the rapid development of Ethernet, network-based attacks are becoming more and more numerous, and traditional intrusion detection systems find it increasingly difficult to cope. This article introduces data mining techniques into the intrusion detection system to automatically analyze the potential attack information recorded in a variety of network behavior and identify network intrusion patterns, thus improving detection efficiency. Among data mining algorithms, this paper takes the currently most widely used algorithms, DBSCAN and K-MEANS, improves the K-MEANS algorithm, and applies the integrated K-MEANS and DBSCAN algorithms to the intrusion detection system. Anomaly detection experiments on a general-purpose detection record set show that the designed intrusion detection algorithm has very high efficiency and accuracy.
Source
《计算机测量与控制》
CSCD
Peking University Core Journals
2012, Issue 2, pp. 321-323, 348 (4 pages in total)
Computer Measurement & Control