计算机应用 (Journal of Computer Applications) ›› 2010, Vol. 30 ›› Issue (3): 699-701.

• Information Security •

Application of clustering and time-based sequence analysis in intrusion detection

Ling-Jian WANG (王令剑), Shao-Hua TENG (滕少华)

  1. Guangdong University of Technology
  • Received: 2009-07-01 Revised: 2009-09-04 Online: 2010-03-14 Published: 2010-03-01
  • Corresponding author: Ling-Jian WANG
  • Supported by:
    Natural Science Foundation of Guangdong Province

Abstract: An intrusion detection system discovers potential intrusion behavior by collecting and analyzing various network data. Clustering is an unsupervised machine learning method that is well suited to intrusion detection. This paper proposes an anomaly intrusion detection method based on clustering analysis and time-based sequence analysis. The method can detect many different types of intrusion without manually labeled training data. The experimental results show that the method is feasible and effective, with a higher detection rate and a lower false positive rate.

Key words: intrusion detection, data mining, clustering, time-based sequence