Abstract
This paper studies efficient intrusion detection for multilayer differentiated networks, with the aim of protecting industrial networked control systems. In a multilayer differentiated network environment, network spaces at different layers and depths suffer entirely different degrees of damage from an intrusion and show entirely different intrusion features. Traditional intrusion detection weights these differing intrusion results and computes a single fused threshold to decide whether an intrusion has occurred. Because this approach does not break down the intrusion features by layer, its false-positive and false-negative rates are high. The paper proposes a data mining method for deep intrusion detection in multilayer differentiated networks based on the fuzzy C-means clustering algorithm. Relevant data are collected and sample features are extracted and analysed; fuzzy C-means clustering is then used to further classify the intrusion data of each layer; from the classified results the behaviour patterns of anomalous data are obtained, and intrusion detection is completed according to the results for the different patterns. Experimental results show that using the improved algorithm for deep intrusion detection mining in multilayer differentiated networks improves detection accuracy, lowers the false-positive rate, and improves detection efficiency.
Source
《计算机仿真》 (Computer Simulation)
CSCD
Peking University Core Journal
2015, Issue 4, pp. 235-238, 251 (5 pages in total)
Keywords
Multilayer differentiated network
Intrusion detection
Fuzzy clustering algorithm