计算机应用 ›› 2020, Vol. 40 ›› Issue (7): 1996-2002.DOI: 10.11772/j.issn.1001-9081.2019111915

• 网络空间安全 • 上一篇    下一篇

改进粗糙集属性约简结合K-means聚类的网络入侵检测方法

王磊   

  1. 苏州大学 信息化建设与管理中心, 江苏 苏州 215006
  • 收稿日期:2019-11-11 修回日期:2020-04-10 出版日期:2020-07-10 发布日期:2020-05-19
  • 通讯作者: 王磊
  • 作者简介:王磊(1987-),男,江苏苏州人,研究员,硕士,主要研究方向:云计算、计算机网络安全防护。
  • 基金资助:
    国家自然科学基金青年科学基金资助项目(61802272)。

Network intrusion detection method based on improved rough set attribute reduction and K-means clustering

WANG Lei   

  1. Center of Information Development and Management, Soochow University, Suzhou Jiangsu 215006, China
  • Received:2019-11-11 Revised:2020-04-10 Online:2020-07-10 Published:2020-05-19
  • Supported by:
    This work is partially supported by the Youth Program of National Natural Science Foundation of China (61802272).

摘要: 面对日益复杂的网络环境,传统入侵检测方法误报率高、检测效率低,且存在优化过程中准确性和可解释性相互矛盾等问题,因此提出一种结合改进粗糙集属性约简和K-means聚类的网络入侵检测(IRSAR-KCANID)方法。首先基于模糊粗糙集属性约简对数据集进行预处理,优化异常的入侵检测特征;再利用改进K-means聚类算法估计入侵范围阈值,并对网络特征进行分类;然后根据用于特征优化的线性规范相关性,从所选择的最优特征探索特征关联影响尺度以形成特征关联影响量表,完成对异常网络入侵的检测。实验结果表明,特征优化聚类后的最小化测量特征关联影响量表能在保证最大预测精度的前提下,最小化入侵检测过程的复杂度并缩短完成时间。

关键词: 网络异常检测, 改进粗糙集属性约简, 改进K-means聚类, 相关性分析, 特征关联尺度

Abstract: Under increasingly complex network environment, traditional intrusion detection methods have high false alarm rate, low detection efficiency and the contradiction between accuracy and interpretability in the optimization process. Therefore, an Improved Rough Set Attribute Reduction and optimized K-means Clustering Approach for Network Intrusion Detection (IRSAR-KCANID) was proposed. Firstly, the dataset was preprocessed based on the attribute reduction of fuzzy rough set in order to optimize the anomalous intrusion detection features. Then, the threshold of intrusion range was estimated by improved K-means clustering algorithm, and the network features were classified. After that, according to the linear canonical correlation used for feature optimization, the feature association impact scale was explored from the selected optimal features in order to form the table of feature association impact scale, and the detection of anomalous network intrusion was completed. The experimental results show that the minimum measured feature association impact scale table after feature optimization clustering can minimize the complexity of intrusion detection process and shorten the completion time on the premise of guaranteeing maximum prediction accuracy.

Key words: network anomaly detection, improved rough set attribute reduction, improved K-means clustering, correlation analysis, feature association scale

中图分类号: