
Anomaly Detection by Clustering in the Network

Cited by: 1
Abstract: In this paper we explore a clustering algorithm to identify outliers. No manually classified data is necessary for training, and it is able to detect many different types of intrusion. The experimental results show that the algorithm is feasible and effective, and that anomaly detection using this algorithm can strike a balance between false positive rate and detection rate, so it could be a better solution to anomaly detection.

Source: Microelectronics & Computer (《微电子学与计算机》), CSCD, Peking University Core Journal, 2008, No. 5, pp. 62-65 (4 pages)

Keywords: intrusion detection; clustering; signature detection; anomaly detection