
Study on Key Technologies of Unknown Network Attack Identification (cited by: 2)
Abstract: Intrusion detection is a technology that proactively defends against attacks in the network and plays a vital role in network management. Traditional intrusion detection technology cannot identify unknown attacks, a problem that has long plagued this field. Aiming at unknown types of intrusion attacks, an unknown attack identification model combining the K-Means and FP-Growth algorithms is proposed to extract the rules of unknown attacks. First, for data containing a mixture of multiple unknown attacks, cluster analysis is performed with K-Means based on the similarity between samples, and the silhouette coefficient is introduced to evaluate the clustering effect. After clustering is completed, samples of the same unknown attack fall into the same cluster. The features of the unknown attack are then manually extracted, the feature data is preprocessed, and continuous features are discretized. Next, the FP-Growth algorithm mines the frequent itemsets and association rules of the unknown attack data, and analyzing them yields the rules of that unknown attack. These rules are then used to detect this type of unknown attack. The results show that the accuracy of the proposed model can reach 98.74%, which is better than that of other related models.
Authors: CAO Yang-chen; ZHU Guo-sheng; SUN Wen-he; WU Shan-chao (School of Computer and Information Engineering, Hubei University, Wuhan 430062, China)
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2022, Issue S01, pp. 581-587 (7 pages)
Funding: CERNET Next Generation Internet Technology Innovation Project, "Campus Regional Public Opinion Mining and Monitoring System Based on Network Traffic Reconstruction" (NGII20170210).
Keywords: Intrusion detection; Unknown attack; K-Means; FP-Growth; Association rules