[1] Zheng Miaomiao, Ji Genlin. An Unsupervised Anomaly Intrusion Detection for the Mixed Attributes [J]. Journal of Nanjing Normal University (Engineering and Technology), 2008, 08(02): 068-73.

An Unsupervised Anomaly Intrusion Detection for the Mixed Attributes

Journal of Nanjing Normal University (Engineering and Technology) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume: 08
Issue: 2008, No. 02
Pages: 068-73
Publication date: 2008-06-30

Article Info

Title:
An Unsupervised Anomaly Intrusion Detection for the Mixed Attributes
Author(s):
Zheng Miaomiao (郑苗苗), Ji Genlin (吉根林)
School of Mathematics and Computer Science, Nanjing Normal University, Nanjing, Jiangsu 210097, China
Keywords:
intrusion detection; clustering; mixed attributes
CLC number:
TP393.08
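Abstract (translated from the Chinese):
To address the weak handling of categorical data during training and the high false alarm rate of current intrusion detection techniques, this paper proposes an unsupervised anomaly intrusion detection method that handles mixed attributes. It defines a dissimilarity between the values of a categorical attribute, so that both numerical and categorical attributes can be handled effectively during unsupervised learning on the training set and generation of the detection model. Theoretical analysis shows that the defined dissimilarity between categorical attribute values preserves the essential characteristics among the values of a categorical attribute without changing the original dimensionality of the dataset. The network intrusion detection dataset KDD-CUP-99 was used to train the model in the experiments. The experimental results show that the intrusion detection model built by clustering with the proposed mixed-attribute handling method achieves a higher detection rate than existing methods.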
Abstract:
Current intrusion detection techniques cannot analyze attributes composed of categorical data and suffer from a higher false detection rate. In this paper, an effective anomaly detection algorithm based on clustering is proposed to deal with mixed attributes. This algorithm, which obtains cluster models by running the clustering algorithm on unlabeled training data, defines the distance between each pair of values in one categorical attribute and can deal with both numerical and categorical attributes efficiently. Theoretical analysis shows that it preserves not only the essence of the relationship between different values in one categorical attribute, but also the original dimensions of the dataset. Finally, experiments on the KDD-CUP-99 data records of network connections show that our method can detect intrusions more efficiently while maintaining a low false positive rate.


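Memo:
Funding: Supported by the Natural Science Foundation of Jiangsu Province (BK2005135).
Corresponding author: Ji Genlin, professor, doctoral supervisor. Research interests: database and data mining technology, machine learning, XML technology, intrusion detection, etc. E-mail: glji@njnu.edu.cn
Last Update: 2013-04-24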