An Anomaly Detection Mechanism Based on the DBI-PD Clustering Algorithm
丁姝郁
【Journal】 《电脑开发与应用》 (Computer Development & Applications)
【Year (Volume), Issue】 2015(000)002
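【Abstract】
This paper analyzes the relationship between the dimensionality of network data and detection accuracy, and introduces the clustering analysis methods commonly used in intrusion detection together with their advantages and disadvantages. On this basis, it proposes a clustering algorithm (DBI-PD) that uses the Davies-Bouldin Index (DBI) as the clustering criterion and is based on partitioning and density methods. The method uses the information gain ratio (IGR) to extract the "features" in network data that are most useful for detecting attacks, determines the optimal number of clusters by the DBI criterion, and combines the partitioning and density clustering methods for anomaly detection. The proposed DBI-PD-based anomaly detection mechanism effectively avoids the "curse of dimensionality" that clustering analysis faces in intrusion detection, avoids interference from useless data features, and also improves clustering quality, thereby increasing detection accuracy.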
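The abstract's step of choosing the number of clusters by the DBI criterion, as an added Python example that is not code from the paper: it scores plain k-means partitions (an assumption standing in for the paper's partition step, whose details are not given on this page) over constructed two-feature records and keeps the k with the lowest Davies-Bouldin Index. The names `kmeans`, `davies_bouldin`, `best_k` and `SAMPLE` are hypothetical.

```python
import math

def kmeans(points, k, iters=100):
    """Plain k-means with deterministic farthest-point seeding (assumed partition step)."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        clusters = [[] for _ in range(k)]
        for p in points:
            clusters[min(range(k), key=lambda j: math.dist(p, centers[j]))].append(p)
        new = [tuple(sum(x) / len(c) for x in zip(*c)) if c else centers[i]
               for i, c in enumerate(clusters)]
        if new == centers:  # assignments stopped changing
            break
        centers = new
    return centers, clusters

def davies_bouldin(centers, clusters):
    """DBI = mean over i of max_{j != i} (S_i + S_j) / d(c_i, c_j); lower is better."""
    # S_i: average distance of a cluster's members to its centroid.
    scatter = [sum(math.dist(p, c) for p in cl) / len(cl) for c, cl in zip(centers, clusters)]
    k = len(centers)
    return sum(max((scatter[i] + scatter[j]) / math.dist(centers[i], centers[j])
                   for j in range(k) if j != i) for i in range(k)) / k

def best_k(points, k_values):
    """Return (k with the lowest DBI, {k: DBI}); a k that leaves a cluster empty is skipped."""
    scores = {}
    for k in k_values:
        centers, clusters = kmeans(points, k)
        if all(clusters):
            scores[k] = davies_bouldin(centers, clusters)
    return min(scores, key=scores.get), scores

# Constructed sample (not real traffic): 15 records, two already-selected features,
# forming three well-separated behaviour groups.
SAMPLE = [(0, 0), (0.1, 0.2), (0.2, 0.1), (-0.1, 0.1), (0.1, -0.1),
          (5, 5), (5.1, 5.2), (4.9, 5.1), (5.2, 4.9), (5.0, 4.8),
          (10, 0), (10.1, 0.2), (9.9, 0.1), (10.2, -0.1), (10, -0.2)]

if __name__ == "__main__":
    k, scores = best_k(SAMPLE, range(2, 6))
    print("best k:", k)
    for n, dbi in sorted(scores.items()):
        print(f"k={n}  DBI={dbi:.3f}")
```

Too few clusters merge distinct groups and inflate the scatter terms, while too many split a tight group into centroids that sit close together; both raise the index, which is why its minimum marks the cluster count.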
In this paper, the relationship between the dimensions of network data and the detection accuracy is analyzed. In addition, this paper introduces clustering analysis methods which are often used in intrusion detection and compares their advantages and disadvantages. On the basis of that, this paper proposes a partition and density-based clustering algorithm that uses the Davies-Bouldin Index (DBI-PD). The DBI-PD method first selects the features most relevant to detection in network data using the information gain ratio (IGR), then determines the optimal number of clusters based on DBI, and finally combines the partition and density clustering methods for detection. The DBI-PD based anomaly detection scheme proposed in this paper can effectively avoid the