
Intrusion detection algorithm based on SSC-tree stream clustering
Abstract: Because data streams are fast, unbounded and bursty, real-time intrusion detection in high-speed networks has become a difficult problem. A similarity search cluster-tree (SSC-tree) structure is designed to maintain summary features of the data stream, and on that basis a stream clustering algorithm based on the SSC-tree is proposed for intrusion detection in high-speed networks. To cope with data streams that arrive at high speed and in bursts, the algorithm uses chained buffering, piggyback processing and local clustering. The chained buffer in the SSC-tree temporarily stores data objects that the algorithm cannot process in time during a burst; the buffered contents are piggybacked and processed later. Before high-speed stream objects are inserted into the SSC-tree to take part in global clustering, local clustering produces micro-clusters to keep pace with the arrival of the stream. Experimental results show that the algorithm has good applicability, achieves good clustering accuracy in high-speed network environments, and effectively detects intrusions in high-speed networks.
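Source: Systems Engineering and Electronics (《系统工程与电子技术》), indexed in EI, CSCD and the Peking University Core Journals list; 2012, No. 3, pp. 625-630 (6 pages).
Funding: National Natural Science Foundation of China (61071093); Specialized Research Fund for the Doctoral Program of Higher Education (20093223120001); Jiangsu Province Science and Technology Support Program (BE2009063, BE2009158); Natural Science Foundation of Jiangsu Province (K2009426); Open Project of the State Key Laboratory of Information Security (03-01-1); Priority Academic Program Development of Jiangsu Higher Education Institutions (yx002001).
Keywords: intrusion detection; cluster; data streams; high speed network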
