Article title
A Graph-based Clustering Algorithm for Anomaly Intrusion Detection
Table of contents
Abstract
Introduction
Graph-based clustering algorithm
Graph-based clustering algorithm for intrusion detection
Experiment
Conclusion
Excerpt from the article
B. Data preprocessing
To improve the detection efficiency of the experiment, we remove the features that are of no use to it. After careful analysis, we select 20 attributes, such as TCP lifetime, window size, and packet length, as the objects of study. In addition, to prevent large values from masking the effect of small values, we apply the following transformation:
Keywords:
A Graph-based Clustering Algorithm for Anomaly Intrusion Detection

Zhou Mingqiang, College of Computer Science, Chongqing University, Chongqing, China, zmqmail@cqu.edu.cn
Huang Hui, Wang Qian, College of Computer Science, Chongqing University, Chongqing, China, {huanghui, wangqian}@cqu.edu.cn

Abstract: Many researchers have argued that data mining can improve the performance of intrusion detection systems. As one of the important techniques of data mining, clustering is an important means for intrusion detection. Because of the disadvantages of traditional clustering methods for intrusion detection, this paper presents a graph-based intrusion detection algorithm that uses an outlier detection method based on the local deviation coefficient (LDCGB). Compared to other clustering algorithms for intrusion detection, this algorithm does not need an initial cluster number. It is also robust to the effect of outliers and able to detect clusters of any shape rather than circular ones only. Moreover, it keeps a stable detection rate on unknown or mutated attacks. LDCGB uses a graph-based clustering algorithm (GB) to get an initial partition of the data set, which depends on a cluster precision parameter rather than on an initial cluster number. On the other hand, because this intrusion detection model is based on a mixed training dataset, it must have high labeling accuracy to guarantee its performance. Therefore, in the labeling phase, the algorithm applies the local deviation coefficient outlier detection algorithm to label the result of the GB algorithm again. This measure improves the labeling accuracy. The detection rate and false positive rate are obtained by testing the algorithm on the KDDCup99 data set. The experimental results show that the proposed algorithm achieves satisfactory performance.

Keywords: intrusion detection; graph-based clustering; cluster precision; outlier detection; labeling accuracy

I. INTRODUCTION

As computer networks grow in significance in modern society, their security has become one of the hottest issues to be solved. It is therefore imperative to find an effective way to protect this valuable network infrastructure and to protect our computers from unauthorized or malicious actions. An intrusion detection system is a useful tool for detecting attacks. After Denning [1] introduced the first intrusion detection model to find behaviors that differ from users' behaviors, many approaches to address the problems of IDS have been proposed, such as machine learning [2], immunological methods [3] and data mining. Among these techniques, data mining has been widely used and has been successful in addressing the deficiencies of intrusion detection and prevention systems by discovering users' behaviors from massive data. Wenke Lee presented an improved RIPPER method that makes the generated set of association rules and frequent episode patterns easy to understand [4]. In addition, length-decreasing support can solve the frequent-items bottleneck of the association-rule-based Apriori algorithm [5]. To classify high-dimensional data, the GA algorithm is used to select a subset of input features for decision tree classifiers [6].