An Anomalous Traffic Detection Algorithm Based on a Semi-Supervised Combination Model  Cited by: 2

Network Traffic Anomaly Detection Based on Semi-supervised Combination Model


Authors: Xu Qian (许倩)[1], Cheng Dongnian (程东年)[1], Cheng Guozhen (程国振)[1]

Affiliation: [1] National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002

Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), 2013, No. 6, pp. 1242-1247, 6 pages

Funding: Supported by the National "863" High Technology Research and Development Program of China (2009AA01A346)

Abstract: Network anomalies usually manifest across multiple feature dimensions, but current detection methods are limited to a single feature dimension or a simple combination of multi-dimensional features, which results in a low detection rate and a high false alarm rate. In addition, supervised learning requires large amounts of training data, while unsupervised learning is not accurate enough. This paper therefore proposes a Semi-Supervised Combination (SMC) model that performs detection over the multi-dimensional features of the data; it minimizes the information loss of the combination process by solving a nonlinear optimization problem, and handles noise and isolated points well. The semi-supervised learning approach uses a small amount of labeled data to make the model more accurate. Fuzzy C-Means (FCM) clustering is used as the base detector, and experiments show that, at the target false alarm rate, the SMC-based anomaly detection algorithm improves accuracy over a single base detector by 10% to 20%.

Keywords: anomaly detection; multi-dimensional features; semi-supervised combination; nonlinear optimization; fuzzy C-means clustering

Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]

 
