摘要
为实现无监督异常检测,提出一种用于网络数据训练学习的免疫优势多克隆网络聚类算法。根据抗体抗原亲合度,通过免疫优势、克隆、交叉、非一致变异、禁忌克隆和克隆死亡等人工免疫系统算子,实现抗体网络的进化学习和自适应调节。以一个小规模的网络映射原始数据集的内在结构,利用基于凝聚的层次聚类方法对网络结构进行分析,从而获得描述正常和异常行为的数据特征。仿真结果表明,该算法适用于大规模、无标识数据的异常检测,并能检测出未知攻击。
A polyclonal network clustering algorithm for training the network data is employed to build a unsupervised abnormal dctecLion system.It is directed by the affinity function between antibody and antigen. Some artificial immune system operators are used in the method including immunodominance, clone, cross, non-uniform mutation and forbidden clone. A small-size, self-adaptive and self-learning network is evolved in the method to reflect the distribution of original data. A traditional hierarchical agglomerative clustering algorithm is employed to perform clustering analysis and obtain the classification of normal and abnormal data. Simulation results show that the algorithm can deal with massive unlabeled data to detect anomaly and even can detect unknown attacks.
出处
《计算机工程》
CAS
CSCD
2012年第17期129-132,共4页
Computer Engineering
基金
国家自然科学基金资助项目(61105064)
陕西省教育厅科研基金资助项目(2010JK837)
陕西省自然科学基金资助项目(2011JM8007)
关键词
异常检测
免疫优势
多克隆网络
交叉算子
非一致变异
禁忌克隆
abnormal detection
immunodominance
polyclonal network
cross operator
non-uniform mutation
fobidden clone