基于模糊C均值算法的网络入侵行为检测方法

Network Intrusion Detection Based on Fuzzy C-Means Algorithm

常规的网络入侵行为检测模型对入侵源的识别方式多为定向,无法对异常位置进行精准标记,增大了误检率,因此提出基于模糊C均值算法的网络入侵行为检测方法。首先,结合网络运行现状,确定入侵特征子集,根据检测位置的变化布设相应的入侵检测节点,再利用各个未知设定的节点识别入侵源。其次,分层级进行多维异常标记与定义。最后,融合模糊C均值算法构建网络入侵行为检测模型,营造稳定、可靠的检测环境,并采用模糊拐点修正的方式实现入侵行为检测。测试结果表明,对比于传统深度分层网络入侵检测小组、传统数据挖掘网络入侵行为检测小组,本文所设计的模糊C均值算法网络入侵行为检测小组最终得出的误检率相对较低,较好地控制在20%以下,表明在针对入侵行为检测的过程中,对异常位置的标记更精准,检测偏差较小,针对性更强,具有实际的应用价值。

Most of the conventional network intrusion detection models identify the intrusion source in a directional way, which can not accurately mark the abnormal position, resulting in an increase in the false detection rate. Therefore, the network intrusion detection method based on the fuzzy C-means algorithm is proposed. Firstly, combined with the current situation of network operation,first determine the subset of intrusion features, deploy corresponding intrusion detection nodes according to the change of detection location, identify the intrusion source by using each unknown node, and then make multi-dimensional anomaly marks and definitions at the hierarchical level. Finally, integrate the fuzzy C-means algorithm to build a network intrusion detection model and create a stable and reliable detection environment, Intrusion detection is realized by fuzzy inflection point correction. The final test results show that, compared with the traditional deep layered network intrusion detection team and the traditional data mining network intrusion detection team, the final false detection rate of the fuzzy C-means algorithm network intrusion detection team designed in this paper is relatively low, and is better controlled below 20%, indicating that in the process of intrusion detection, the marking of abnormal positions is more accurate, the detection deviation is smaller, and the pertinence is stronger, it has practical application value.