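Several Studies on the Fuzzy C-Means Clustering Algorithm and Its Application in IDS
Published: 2018-03-14 17:51
Topic: clustering. Focus: kernel methods. Source: Nanjing University of Posts and Telecommunications, 2014 master's thesis. Document type: degree thesis.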
[Abstract]: Intrusion detection, as an active-defense security technology, has become an important research topic. Cluster analysis, as an unsupervised learning method, can detect intrusions directly on unlabeled data. Fuzzy cluster analysis reflects the uncertainty of a sample's class membership, is closer to the way real-world things are classified, and improves the ability to detect unknown intrusions, so fuzzy clustering has become one of the important techniques in intrusion detection. This thesis studies and analyzes the application of the fuzzy C-means (FCM) clustering algorithm and its improved variants in intrusion detection. The main work is as follows:
1. An FCM algorithm based on initial-point optimization and membership-function optimization (DMFCM) is proposed. Instead of the original random selection of cluster centers, the method uses a density approach that computes and selects the cluster centers according to point density, which avoids falling into a local optimum. In addition, the membership function is optimized to reduce the influence of isolated points on the cluster centers. Experimental results show that the clustering speed and number of iterations of the DMFCM algorithm are markedly reduced, the speed of intrusion detection increases somewhat, and the detection rate improves slightly.
2. A distance-corrected kernel fuzzy C-means clustering algorithm (KFCM_d) is proposed. Building on the Euclidean distance used by the original kernel fuzzy C-means clustering algorithm (KFCM), the method takes into account the variation in distance between data points and corrects the Euclidean distance. Experimental results show that the method clusters non-linearly separable datasets well, raises the intrusion detection rate, and lowers the false alarm rate.
3. A distance-corrected noise-class kernel fuzzy C-means clustering algorithm (NKFCM_d) is proposed. Considering the effect of noise, the method combines noise clustering with the KFCM_d algorithm, which gives the algorithm good noise resistance. Experimental results show that the algorithm produces good clustering results on noisy, non-linearly separable datasets, greatly improves the intrusion detection rate, and reduces the false alarm rate.
[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08;TP311.13
Article number: 1612299
Article link: http://sikaile.net/guanlilunwen/ydhl/1612299.html