关键词: 异常检测, 聚类, 误检率, 检测率

Abstract: Network anomaly detection has been an active research topic in the field of intrusion detection for many years. However, it has not been widely applied in practice due to high false alarm rate, etc. Based on the centroidal Voronoi diagram, a new algorithm of anomaly detection was proposed in this paper, in which the centroidal Voronoi diagram was used in the clustering of sample data first, and then the point density was computed out according to the results of clustering for each sample point, which was used to determine whether the sample data was abnormal or not. Finally, a series of experiments on well known KDD Cup 1999 dataset demonstrate that the new algorithm has low false positive rate while ensuring high detection rate.

Key words: anomaly detection, clustering, false detecting rate, detection rate