计算机应用 ›› 2011, Vol. 31 ›› Issue (09): 2359-2361.

• 信息安全 • 上一篇    下一篇

基于各向异性质心Voronoi图的网络异常检测技术

李小雷,王雷   

  1. 湖南大学 信息科学与工程学院,长沙 410082
  • 收稿日期:2011-03-22 修回日期:2011-05-20 发布日期:2011-09-01 出版日期:2011-09-01
  • 通讯作者: 李小雷
  • 作者简介:李小雷(1984-),女,湖南岳阳人,硕士,主要研究方向:计算机网络、数据挖掘;
    王雷(1973-),男,湖南长沙人,副教授,博士,主要研究方向:计算机网络、并行计算。
  • 基金资助:
    湖南大学“中央高校基本科研业务费”资助项目

Network anomaly detection based on anisotropic centroidal Voronoi diagram

LI Xiao-lei,WANG Lei   

  1. School of Information Science and Engineering, Hunan University, Changsha Hunan 410082, China
  • Received:2011-03-22 Revised:2011-05-20 Online:2011-09-01 Published:2011-09-01
  • Contact: LI Xiao-lei

摘要: 网络异常检测技术是入侵检测研究领域中的重要内容,但在检测率和误报率上存在相互制约的问题,导致实际应用中性能不高。基于各向异性质心Voronoi图,提出一种新的网络异常检测算法。在新算法中,首先对数据集用各向异性质心Voronoi图进行聚类,然后计算每个数据点的点密度,判断数据点是否正常。通过KDD Cup1999数据集的实验测试表明,新算法具有较高的检测率和较低的误报率。

关键词: 数据挖掘, 聚类, 网络异常检测, 检测率, 误检率

Abstract: Network anomaly detection is an important research topic in the field of intrusion detection. However, it is inefficient in practice because the detection rate and false alarm rate restrain each other. Based on the anisotropic centroidal Voronoi diagram, a new algorithm of network anomaly detection was proposed. In this new algorithm, the anisotropic centroidal Voronoi diagram was used in the clustering of data set at first, then the point density for each data point was computed out, which was used to determine whether the data point was normal or not. The laboratory tests on KDD Cup 1999 data sets show that the new algorithm has a higher detection rate and a lower false alarm rate.

Key words: data mining, clustering, network anomaly detection, detection rate, false alarm rate

中图分类号: