多视角层次聚类下的无线网络入侵检测算法  被引量：3

作　　者：董新玉 解滨[1,2,3] 赵旭升 高新宝 DONG Xinyu;XIE Bin;ZHAO Xusheng;GAO Xinbao(College of Computer and Cyber Security,Hebei Normal University,Shijiazhuang 050024,China;Hebei Provincial Key Laboratory of Network&Information Security,Hebei Normal University,Shijiazhuang 050024,China;Hebei Provincial Engineering Research Center for Supply Chain Big Data Analytics&Data Security,Hebei Normal University,Shijiazhuang 050024,China)

机构地区：[1]河北师范大学计算机与网络空间安全学院,石家庄050024 [2]河北师范大学河北省网络与信息安全重点实验室,石家庄050024 [3]河北师范大学供应链大数据分析与数据安全河北省工程研究中心,石家庄050024

出　　处：《计算机科学与探索》2022年第12期2752-2764,共13页Journal of Frontiers of Computer Science and Technology

基　　金：国家自然科学基金(62076088);河北省教育厅自然科学基金项目(QN2021083);河北师范大学技术创新基金项目(L2020K09)。

摘　　要：针对现有基于监督学习的无线网络入侵检测算法误检率高、难以发现未知类型攻击行为、获取带标记网络数据代价大的问题,提出一种基于多视角层次聚类的无监督无线网络入侵检测算法。该算法基于无监督学习,不需要为参与分类器学习的大量无线网络数据进行人工标记,具有易获取训练数据集和发现未知类型攻击行为的优势,同时该算法引入多视角余弦距离作为层次聚类中无线网络数据对象间相似性度量,使聚类结果更加合理,对网络数据行为的判定更加准确,在一定程度上降低了入侵检测的误检率。选用公开无线网络攻击数据集(AWID)进行实验,通过主成分分析法对实验数据集进行降维处理,很大程度上降低了入侵检测算法的时间复杂度。实验结果表明,与传统的无线网络入侵检测算法相比,提出的多视角层次聚类下的无线网络入侵检测算法在检测率、误检率和发现未知攻击类型等性能上都有显著提升。Aiming at the problems of high false detection rate,difficult to find unknown attack behavior and high cost of obtaining marked data in existing wireless network intrusion detection algorithms based on supervised learning,this paper proposes an unsupervised wireless network intrusion detection algorithm based on multiple perspectives hierarchical clustering.The algorithm is based on unsupervised learning,and does not need to manually mark a large number of wireless network data participating in classifier learning.It has the advantages of easy access to training datasets and detection of unknown types of attack behavior.At the same time,the algorithm introduces multiple perspectives cosine distance as the similarity measure between wireless network data objects in hierarchical clustering,which makes the clustering results more reasonable and the judgment of network data behavior more accurate,and reduces the false detection rate of intrusion detection to a certain extent.In this paper,Aegean WIFI intrusion dataset(AWID)is selected as the experimental dataset,and principal component analysis is used to reduce the dimension of the experimental dataset,which greatly reduces the time complexity of intrusion detection algorithm.Experimental results show that the proposed wireless network intrusion detection algorithm based on multiple perspectives hierarchical clustering has a significant improvement in detection rate,false detection rate and detection of unknown attack types compared with traditional wireless network intrusion detection algorithms.

关 键 词：多视角 层次聚类 无线网络 入侵检测 主成分分析(PCA) 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]