Abstract
To address the need to label large amounts of data in intrusion detection algorithms based on supervised learning, a semi-supervised clustering intrusion detection algorithm based on active learning is proposed. The algorithm uses a small amount of labeled data to generate seed clusters that initialize the algorithm and then assist the clustering process. According to the characteristics of network data, an active-learning strategy is applied within the semi-supervised clustering process, so the algorithm can be used to detect both known and unknown network attacks. The active-learning strategy queries the constraint relationships between unlabeled and labeled data in the network and, for the labeled data, quickly obtains k disjoint non-empty neighbor sets, which greatly improves the performance of the algorithm. The experimental results show that the algorithm is feasible and effective.
Source
Journal of Jiangsu University of Science and Technology: Natural Science Edition
CAS
Peking University Core Journal
2010, Issue 2, pp. 160-163 (4 pages)
Funding
Supported by the Natural Science Foundation of Jiangsu Higher Education Institutions (2005DX006J)
Keywords
active learning
semi-supervised clustering
intrusion detection