基于免疫优势多克隆网络的异常检测

Abnormal Detection Based on Immunodominance Polyclonal Network

为实现无监督异常检测,提出一种用于网络数据训练学习的免疫优势多克隆网络聚类算法。根据抗体抗原亲合度,通过免疫优势、克隆、交叉、非一致变异、禁忌克隆和克隆死亡等人工免疫系统算子,实现抗体网络的进化学习和自适应调节。以一个小规模的网络映射原始数据集的内在结构,利用基于凝聚的层次聚类方法对网络结构进行分析,从而获得描述正常和异常行为的数据特征。仿真结果表明,该算法适用于大规模、无标识数据的异常检测,并能检测出未知攻击。

A polyclonal network clustering algorithm for training the network data is employed to build a unsupervised abnormal dctecLion system.It is directed by the affinity function between antibody and antigen. Some artificial immune system operators are used in the method including immunodominance, clone, cross, non-uniform mutation and forbidden clone. A small-size, self-adaptive and self-learning network is evolved in the method to reflect the distribution of original data. A traditional hierarchical agglomerative clustering algorithm is employed to perform clustering analysis and obtain the classification of normal and abnormal data. Simulation results show that the algorithm can deal with massive unlabeled data to detect anomaly and even can detect unknown attacks.