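Several Studies on the Fuzzy C-Means Clustering Algorithm and Its Application in IDS
Published: 2018-03-14 17:51
Topic: clustering. Entry point: kernel methods. Source: Nanjing University of Posts and Telecommunications, 2014 master's thesis. Document type: degree thesis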
[Abstract]: Intrusion detection, as an active-defense security technology, has become an important current research topic. Cluster analysis, as an unsupervised learning method, can detect intrusions directly on unlabeled data. Fuzzy cluster analysis reflects the uncertainty of a sample's class membership, which is closer to how real-world objects are classified and improves the ability to detect unknown intrusions; fuzzy clustering has therefore become one of the important techniques in intrusion detection. This thesis studies and analyzes the application of the fuzzy C-means (FCM) clustering algorithm and its improved variants in intrusion detection. The main work of the thesis is as follows:

1. An FCM algorithm based on initial-point optimization and membership-function optimization (DMFCM) is proposed. Instead of the original random selection of cluster centers, the method uses a density method to compute and select cluster centers according to point density, which avoids falling into a local optimum. In addition, the membership function is optimized to reduce the influence of isolated points on the cluster centers. The experimental results show that the clustering speed and the number of iterations of the DMFCM algorithm are clearly reduced, the speed of intrusion detection is somewhat increased, and the detection rate is slightly improved.

2. A distance-corrected kernel fuzzy C-means clustering algorithm (KFCM_d) is proposed. Building on the Euclidean distance used by the original kernel fuzzy C-means clustering algorithm (KFCM), the method takes into account the variation in the distances between data points and corrects the Euclidean distance. The experimental results show that the method clusters nonlinearly separable datasets well, raises the intrusion detection rate, and lowers the false alarm rate.

3. A distance-corrected noise-class kernel fuzzy C-means clustering algorithm (NKFCM_d) is proposed. Taking the effect of noise into account, the method combines noise clustering with the KFCM_d algorithm, giving the algorithm good noise resistance. The experimental results show that the algorithm clusters noisy, nonlinearly separable datasets well, greatly improves the intrusion detection rate, and reduces the false alarm rate.
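[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP311.13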
Article ID: 1612299
Article link: http://sikaile.net/guanlilunwen/ydhl/1612299.html