摘要
针对现有多源入侵检测设备产生的报警数据中存在大量冗余和相似报警,导致检测精度较低的问题,提出一种基于模糊聚类的报警数据并行融合方法。该方法采用模糊聚类的思想融合多源报警数据,通过最大最小距离算法改进模糊C均值聚类,避免聚类结果陷入局部最优解,同时利用MapReduce分布式计算模型提高处理效率。在真实入侵检测环境中的实验结果显示,通过该方法聚类后的数据融合率达到87.88%,证明该方法可有效去除误报警,提高检测精度。
Aiming at the problem that the alarm data generated by the existing multi-source intrusion detection equipment has a large number of redundant and similar alarms,resulting in low detection accuracy,a parallel fusion method of alarm data based on fuzzy clustering is proposed.This method uses the idea of fuzzy clustering to fuse multi-source alarm data,improve the fuzzy C-means clustering through the maximum and minimum distance algorithm,avoid clustering results into local optimal solutions At the same time,use MapReduce distributed computing model to improve processing efficiency.Experimental results in a real intrusion detection environment show that the data fusion rate after clustering by this method reaches 87.88%,which proves that the proposed method can effectively remove false alarms and improve detection accuracy.
作者
陶晓玲
赵培超
陈隆生
TAO Xiaoling;ZHAO Peichao;CHEN Longsheng(Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems,Guilin University of Electronic Technology,Guilin 541004,China;School of Computer Science and Engineering Information Security,Guilin University of Electronic Technology,Guilin 541004,China)
出处
《桂林电子科技大学学报》
2020年第4期310-315,共6页
Journal of Guilin University of Electronic Technology
基金
国家自然科学基金(61962015)
广西自然科学基金(2016GXNSFAA380098)。
