摘要
为解决现有入侵检测系统规则库维护管理复杂,系统检测效率不足等问题,设计了一种基于改进K均值聚类的规则挖掘算法。首先针对传统k-means算法聚类数目不确定的问题,通过分析聚类数目与簇间距离、簇内距离的关系,引入动态函数确定最佳聚类数目;然后通过寻找数据密集区域避开离群点,优化了初始聚类中心的选择,提高了算法效率。采用改进k-means聚类的入侵规则挖掘算法能够快速有效的对大数据集进行聚类分析,解决了传统入侵检测系统规则库维护复杂、难于检测未知攻击等问题。
In order to solve the problems of the existing intrusion detection system,such as the complexity of the maintenanceand management of the rule base,the lack of the detection efficiency of the system,an intrusion rule mining algorithm based on im?proved K mean clustering algorithm is designed.Firstly,according to the problem that the traditional K-means algorithm is not sureof the number of clusters,by analyzing the relationship between the number of clusters and the distance between clusters and interclusters,the dynamic function is introduced to determine the optimal number of clusters.Then,the selection of initial cluster cen?ters is optimized by finding the data intensive regions to avoid outliers,which improves the efficiency of the algorithm.The intrusionrule mining algorithm based on improved k-means clustering algorithm can quickly and effectively do cluster analysis on large datasets,and solve the problems of traditional intrusion detection system,such as the complexity of rule base and difficulty of detectingunknown attacks.
作者
何明亮
陈泽茂
黄相静
HE Mingliang;CHEN Zemao;HUANG Xiangjing(Information Security Department,Naval University of Engineering,Wuhan 430033;No. 91681 Troops of PLA,Ningbo 315731)
出处
《计算机与数字工程》
2017年第6期1145-1149,共5页
Computer & Digital Engineering
基金
湖北省自然科学基金资助项目(编号:2015CF867)资助
