Abstract
Because data streams are fast, unbounded and bursty, real-time intrusion detection in high-speed networks has become a difficult problem. A similarity search cluster-tree (SSC-tree) structure is designed to maintain the summary features of data streams, and a stream clustering algorithm based on the SSC-tree is proposed for intrusion detection in high-speed networks. To process high-speed, bursty streams in time, the algorithm uses chaining buffer, piggyback and local clustering mechanisms. The chaining buffer in the SSC-tree temporarily stores the data objects that the algorithm cannot process in time during a burst; the buffered objects are piggybacked later. In addition, to keep up with the arrival of the high-speed stream, local clustering produces micro-clusters before the data stream objects are inserted into the SSC-tree to take part in global clustering. The experimental results show that the proposed algorithm has good applicability and achieves good clustering accuracy in high-speed networks, and that it can detect intrusions in high-speed networks effectively.
Source
Systems Engineering and Electronics (《系统工程与电子技术》)
Indexed in: EI, CSCD, Peking University Core Journals
2012, No. 3, pp. 625-630 (6 pages)
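Funding
National Natural Science Foundation of China (61071093)
Specialized Research Fund for the Doctoral Program of Higher Education (20093223120001)
Jiangsu Province Science and Technology Support Program (BE2009063, BE2009158)
Natural Science Foundation of Jiangsu Province (K2009426)
Open Project of the State Key Laboratory of Information Security (03-01-1)
Priority Academic Program Development of Jiangsu Higher Education Institutions (yx002001)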
Keywords
intrusion detection
clustering
data streams
high-speed network