摘要
网络异常通常表现在多维特征中,而当前检测方法局限于一维特征或者多维特征的简单组合,使系统检测率低、误报率高.同时,有监督学习需要大量训练数据,而无监督学习准确率不足.因此,本文提出半监督联合模型(Semi-Supervised Com-bination,SM C)对数据的多维特征进行检测,通过解决非线性优化问题使联合过程信息损失最小化,较好地处理了噪声与孤立点.半监督学习方式利用少量已标记数据使模型更准确.本文以模糊C均值聚类(Fuzzy C-Means,FCM)作为基本检测器,经过实验验证,在目标误报率下基于SMC模型的异常检测算法的准确率比单个基本检测器提高了10%到20%.
Traffic anomaly is characterized by multiple features, but the existing detection methods block its application wide for low detection rate and high false alarm rate, which is aiming at features of a single dimension or multiple dimensions mixed simply. Con- sidering the insufficient of training records of supervised methods and low detection rate of unsupervised methods, a novel model is proposed, named Semi-Supervised Combination (SMC). It fuses multiple features of traffic to decide whether the network is normal, minimizes the information loss by solving nonlinear optimization problems and deals well with noise and isolated points. Semi-super- vised method exploits labeled data to improve the precision of the model. This paper uses fuzzy C-means as base detectors, and the experimental results show that the algorithm based SMC improves over the base detectors by 10% to 20% in accuracy.
出处
《小型微型计算机系统》
CSCD
北大核心
2013年第6期1242-1247,共6页
Journal of Chinese Computer Systems
基金
国家"八六三"高技术研究发展计划项目(2009AA01A346)资助
关键词
异常检测
多维特征
半监督联合
非线性优化
模糊C均值聚类
anomaly detection
multiple features
semi-supervised combination
nonlinear optimization
Fuzzy C-Means
