基于模糊聚类的报警数据并行融合方法  被引量:3

Parallel fusion method of alarm data based on fuzzy clustering

在线阅读下载全文

作  者:陶晓玲[1,2] 赵培超 陈隆生 TAO Xiaoling;ZHAO Peichao;CHEN Longsheng(Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex Systems,Guilin University of Electronic Technology,Guilin 541004,China;School of Computer Science and Engineering Information Security,Guilin University of Electronic Technology,Guilin 541004,China)

机构地区:[1]桂林电子科技大学广西高校云计算与复杂系统重点实验室,广西桂林541004 [2]桂林电子科技大学计算机与信息安全学院,广西桂林541004

出  处:《桂林电子科技大学学报》2020年第4期310-315,共6页Journal of Guilin University of Electronic Technology

基  金:国家自然科学基金(61962015);广西自然科学基金(2016GXNSFAA380098)。

摘  要:针对现有多源入侵检测设备产生的报警数据中存在大量冗余和相似报警,导致检测精度较低的问题,提出一种基于模糊聚类的报警数据并行融合方法。该方法采用模糊聚类的思想融合多源报警数据,通过最大最小距离算法改进模糊C均值聚类,避免聚类结果陷入局部最优解,同时利用MapReduce分布式计算模型提高处理效率。在真实入侵检测环境中的实验结果显示,通过该方法聚类后的数据融合率达到87.88%,证明该方法可有效去除误报警,提高检测精度。Aiming at the problem that the alarm data generated by the existing multi-source intrusion detection equipment has a large number of redundant and similar alarms,resulting in low detection accuracy,a parallel fusion method of alarm data based on fuzzy clustering is proposed.This method uses the idea of fuzzy clustering to fuse multi-source alarm data,improve the fuzzy C-means clustering through the maximum and minimum distance algorithm,avoid clustering results into local optimal solutions At the same time,use MapReduce distributed computing model to improve processing efficiency.Experimental results in a real intrusion detection environment show that the data fusion rate after clustering by this method reaches 87.88%,which proves that the proposed method can effectively remove false alarms and improve detection accuracy.

关 键 词:入侵检测 报警融合 模糊聚类 MAPREDUCE 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象