| ID—DC:基于分布式聚类的人侵检测方法 |
| |
| 引用本文: | 郑苗苗,吉根林.ID—DC:基于分布式聚类的人侵检测方法[J].江南学院学报,2007,6(6):733-738. |
| |
| 作者姓名: | 郑苗苗 吉根林 |
| |
| 作者单位: | 南京师范大学数学与计算机科学学院,江苏南京210097 |
| |
| 基金项目: | 江苏省自然科学基金项目(BK2005135). |
| |
| 摘 要: | 提出了基于分布式聚类的异常入侵检测方法ID—DC,通过对训练集进行分布式聚类产生聚簇模型,采用基于双参考点的标识算法Double—Reference标记异常簇,不需要具有类别标签的训练集且可自动确定聚簇模型的个数.实验中采用了网络入侵检测数据集KDD—CUP-99来训练模型.实验结果表明:通过采用分布式聚类算法建立的分布式入侵检测模型可有效地检测攻击,检测率高,误警率低.
|
| 关 键 词: | 入侵检测 分布式入侵检测 聚类 分布式聚类 |
| 文章编号: | 1671-7147(2007)06-0733-06 |
| 收稿时间: | 2007-07-05 |
| 修稿时间: | 2007-09-10 |
ID-DC.Intrusion Detection Based on Distributed Clustering |
| |
| ZHENG Miao-miao, JI Gen-lin.ID-DC.Intrusion Detection Based on Distributed Clustering[J].Journal of Jiangnan College,2007,6(6):733-738. |
| |
| Authors: | ZHENG Miao-miao JI Gen-lin |
| |
| Abstract: | In this paper, an effective and anomaly distributed detection algorithm ID-DC based on clustering is proposed to realize the DIDS. Algorithm ID-DC, which first get cluster models by using the distributed clustering algorithm on unlabeled training data and then labels these models through algorithm Double-Reference, overcomes the drawbacks of relying on labeled training data which most current anomaly-based intrusion detection depend on and expects to automatically partition the data set into a reasonable number of clusters. At last, the experiments on the KDD -CUP-99 data records of network connections show that our distributed clustering algorithm can efficiently detect intrusions while maintaining a low false positive rate. |
| |
| Keywords: | intrusion detection distributed intrusion detection clustering distributed clustering |
| 本文献已被 维普 等数据库收录! |
