A Dual Filtration Intrusion Detection Mechanism Based on FCM-C4.5  (Cited by: 4)

A DUAL FILTRATION INTRUSION DETECTION MECHANISM BASED ON FCM AND C4.5


Authors: 滕少华[1], 严远驰, 刘冬宁[1], 吴昊[1]

Affiliation: [1] School of Computers, Guangdong University of Technology, Guangzhou, Guangdong 510006

Source: Computer Applications and Software (《计算机应用与软件》), 2016, No. 1, pp. 307-311 (5 pages)

Funding: National Natural Science Foundation of China (61272067; 61104156); Key Laboratory Fund of the Ministry of Education (110411)

Abstract: Existing intrusion detection techniques suffer from high false alarm rates and have difficulty detecting unknown attacks, and a single detection technique struggles to detect complex network attacks. To address these problems, this paper proposes a dual filtration intrusion detection mechanism based on FCM and C4.5. The mechanism filters data in two layers: the first layer uses the fuzzy C-means clustering algorithm (FCM) to coarsely filter out obviously normal data, which reduces the amount of data passed to the second layer; the second layer applies the C4.5 decision tree algorithm for fine filtering, improving both efficiency and accuracy. Experiments on the KDD CUP 99 dataset show that the mechanism detects both known attacks and unknown attacks, with a relatively high detection rate and a relatively low false alarm rate.

Keywords: FCM; C4.5; dual filtration; intrusion detection

Classification: TP3 [Automation and Computer Technology: Computer Science and Technology]

 
