基于改进密度聚类的异常检测算法

J4 ›› 2009, Vol. 47 ›› Issue (05): 954-960.

基于改进密度聚类的异常检测算法

胡亮, 任维武, 任斐, 刘晓博, 金刚

吉林大学计算机科学与技术学院, 长春 130012

收稿日期:2008-12-06 出版日期:2009-09-26 发布日期:2009-11-03
通讯作者: 胡亮 E-mail:hul@jlu.edu.cn.

Anomaly Detection Algorithm Based onImproved Density Clustering

HU Liang, LIN Wei-Wu, LIN Fei, LIU Xiao-Bo, JIN Gang

College of Computer Science and Technology, Jilin University, Changchun 130012, China

Received:2008-12-06 Online:2009-09-26 Published:2009-11-03
Contact: HU Liang E-mail:hul@jlu.edu.cn.

摘要/Abstract

摘要：

提出一种基于改进密度聚类的异常检测算法(ADIDC), 通过在各特征列上分别进行密度聚类, 并根据各特征对正常轮廓的支持度进行特征加权, 解决了聚类分析方法在异常检测应用中误报率较高的问题. 通过大量基于异常检测数据集 KDD Cup 1999的实验表明, 其相对于传统异常检测方法在保证较高检测率的前提下, 有效地降低了误报率, 对某些与正常行为相近的特殊攻击检测率明显提高. 同时利用特征权值进行特征筛选提高了其检测性能和效率, 更适应实时检测要求.

关键词: 入侵检测；异常检测；聚类；密度聚类；特征加权

Abstract:

This paper proposes an Anomaly Detection algorithm based on Improved Density Clustering(ADIDC). The improved algorithm adopts clustering features separately on individual characteristic arranges and weighting features by the correlativity between the features and the normal profile. It can solve the frequent problem of the high false positive rate on clustering in the application of anomaly detection. A series of experiments on well known KDD Cup 1999 dataset demonstrates that it has a lower false positive rate, especially ensuring high detection rate with respect to the traditional anomaly detection methods. The detection of the special attack which resembles the normal act is obviously improved. In addtion, the detection performace can be further optimized by feature selection via feature weights. It makes the proposed algorithm more suitable for the realtime detection.

Key words: intrusion detection； anomaly detection； clustering； density clustering； weight feature

中图分类号:

TP393

胡亮, 任维武, 任斐, 刘晓博, 金刚. 基于改进密度聚类的异常检测算法[J]. J4, 2009, 47(05): 954-960.

HU Liang, LIN Wei-Wu, LIN Fei, LIU Xiao-Bo, JIN Gang. Anomaly Detection Algorithm Based onImproved Density Clustering[J]. J4, 2009, 47(05): 954-960.

[1]	王丽丽, 于双元. 一种基于社团和分层思想的无标度演化模型[J]. J4, 2012, 50(06): 1169-1174.
[2]	郭东, 杜勇, 胡亮. 基于HDFS的云数据备份系统[J]. J4, 2012, 50(01): 101-105.
[3]	刘敏, 房至一, 王红斌, 张希. 一种新的处理能力优先的权值分配调度算法[J]. J4, 2011, 49(06): 1105-1110.
[4]	刘敏, 房至一, 王红斌, 徐鹏. 基于老化算法的分布式文件缓存算法[J]. J4, 2011, 49(05): 895-900.
[5]	周建秋, 石伟, 李强. 用关联方法推测网络蠕虫的传播路径[J]. J4, 2009, 47(6): 1241-1245.
[6]	韩璐, 张洁, 包铁, 李金宇, 刘淑芬. 基于SNMP的信息采集系统[J]. J4, 2009, 47(6): 1225-1229.
[7]	胡亮, 金刚, 于漫, 任斐, 任维武. 基于异常检测的入侵检测技术[J]. J4, 2009, 47(6): 1264-1270.