Abstract
Lacking supervised data, traditional clustering-based intrusion detection systems suffer from a high false alarm rate and a low detection rate. To address this, we propose an intrusion detection method based on simulated annealing and semi-supervised K-means clustering. The method first uses a small amount of network data labeled with intrusion types to improve the cluster initialization step, thereby introducing semi-supervised learning into K-means clustering. It then combines the simulated annealing algorithm's ability to escape local optima with semi-supervised K-means clustering to obtain a globally optimal clustering. Finally, it determines the class of each cluster from the labeled data and applies the result to the detection of intrusions. Comparative experiments on the KDDCUP99 data set show that the method improves the clustering algorithm by using supervised data and simulated annealing, and effectively increases the accuracy of intrusion detection.
Source
Computer and Modernization (计算机与现代化)
2014, Issue 11, pp. 27-30 (4 pages)
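Funding
Science and Technology Program of Higher Education Institutions of Shandong Province (J14LN12)
Open Project of the Key Laboratory of Evidence Identification in Universities of Shandong Province (Shandong University of Political Science and Law) (KFKT(SUPL)-201407)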
Keywords
intrusion detection
semi-supervised K-means clustering
simulated annealing