高级检索

    基于特征选择的模糊聚类异常入侵行为检测

    Anomaly Intrusion Behavior Detection Based on Fuzzy Clustering and Features Selection

    • 摘要: 网络攻击连接具有行为的多变性和复杂性等特征,利用基于传统聚类的行为挖掘技术来构建异常入侵检测模型是不可行的.针对网络攻击行为的特点,提出了基于特征选择的模糊聚类异常入侵模型.首先通过层次聚类算法改善了FCM聚类算法结果对初始聚类中心的敏感性,再利用遗传算法的全局搜索能力克服了其在迭代时易陷入局部最优的缺点,并将它们结合构成一种AGFCM算法;然后采用信息增益算法对网络攻击连接数据集的特征属性进行排序,同时利用约登指数来删减数据集的特征属性以确定特征属性容量;最后利用低维特征属性集和改进的FCM聚类算法构建了异常入侵检测模型.实验结果表明该模型对绝大多数的网络攻击类型具有很好的检测能力,为解决异常入侵检测模型的误警率和检测率等问题提供了一种可行的解决途径.

       

      Abstract: The behaviors of network attack connection are always changeable and complex. Typical behavior mining methods, which always do using traditional clustering, do not fit in with constructing anomaly intrusion detection model. According to the characteristics of network attacks, the anomaly intrusion detection model based on fuzzy clustering and features selection are proposed. Firstly, the results that the fuzzy C-means clustering algorithm is sensitive to the initial cluster centers is improved using hierarchical clustering algorithm, the disadvantage that FCM is easy to fall into local optimum in the iteration is overcome using the global search ability of genetic algorithm, and they are combined into a AGFCM algorithm. Secondly, the feature attribute data sets of network attack connection are sorted through the information gain algorithm. The capacity of feature attributes is determined by using the Youden index to cut the data sets at the same time. Lastly, the anomaly intrusion detection model is built by using the attribute data sets dimensionality reduction and improved FCM clustering algorithm. Experimental results show that the anomaly intrusion detection model can effectively detect the vast majority of network attack types, which provides a feasible solution for solving the problems of false alarm rate and detection rate in anomaly intrusion detection model.

       

    /

    返回文章
    返回