基于SVDD的密度峰值聚類算法及其接入網(wǎng)入侵檢測研究
發(fā)布時(shí)間:2018-12-11 13:26
【摘要】:隨著信息技術(shù)快速發(fā)展,網(wǎng)絡(luò)技術(shù)應(yīng)用越來越普及,寬帶接入網(wǎng)進(jìn)入了信息化高速發(fā)展階段。社交通訊、電子商務(wù)和電子郵件等網(wǎng)絡(luò)形式的應(yīng)用豐富便利了人類生活的同時(shí),接入網(wǎng)絡(luò)信息安全也逐漸成為當(dāng)今社會最突出的問題之一。入侵檢測方法由于其獨(dú)特優(yōu)勢,已經(jīng)成為信息安全中不可缺失的技術(shù)手段。然而,接入網(wǎng)絡(luò)匯集點(diǎn)數(shù)據(jù)量大、業(yè)務(wù)類型多且內(nèi)容復(fù)雜,傳統(tǒng)入侵檢測系統(tǒng)大多基于規(guī)則或事件檢測方式,不僅精度低或速度慢,對規(guī)則或事件的依賴性強(qiáng),已經(jīng)無法滿足現(xiàn)有接入網(wǎng)絡(luò)安全的需求。近年,智能機(jī)器學(xué)習(xí)技術(shù)及其應(yīng)用逐漸完善,尤其是支持向量數(shù)據(jù)描述(SVDD),在處理大數(shù)據(jù)量、高維度、非線性的單分類問題上取得較好效果。然而,SVDD算法的研究時(shí)間短,理論研究還處于起步階段,且接入網(wǎng)入侵檢測的目標(biāo)樣本特征分布不均衡,基于SVDD入侵檢測接入網(wǎng)存在預(yù)測準(zhǔn)確度明顯偏向多類的不足。針對上述問題,本文提出了一種基于SVDD的密度峰值聚類算法(DDPC-SVDD),該算法基本思想是通過SVDD結(jié)合改進(jìn)密度峰值聚類算法(DDPC),將松散的數(shù)據(jù)集用若干個(gè)緊湊的子簇分界面來進(jìn)行數(shù)據(jù)描述。雖然傳統(tǒng)的密度峰值聚類算法可劃分出若干凸型類簇,但是經(jīng)驗(yàn)選取截?cái)嗑嚯x(dc)值可能導(dǎo)致聚類效果不穩(wěn)定。因此,本文引入適應(yīng)于帶噪點(diǎn)數(shù)據(jù)集的聚類衡量指標(biāo)——調(diào)整的輪廓系數(shù)(ASIL)。通過選取不同dc值計(jì)算ASIL以衡量聚類指標(biāo),實(shí)現(xiàn)最優(yōu)dc值下最佳聚類效果。聚類后的各子簇再經(jīng)過SVDD生成相應(yīng)的分類器,本文采用自適應(yīng)變異粒子群算法(PSO)解決SVDD參數(shù)尋優(yōu)問題。DDPC-SVDD無需事先設(shè)定聚類個(gè)數(shù)k值,且應(yīng)用到接入網(wǎng)入侵檢測模型訓(xùn)練中可實(shí)現(xiàn)全自動化操作過程。通過實(shí)驗(yàn)及仿真研究表明:本文提出ASIL指標(biāo)能夠準(zhǔn)確評價(jià)聚類效果,并且采用該指標(biāo)指導(dǎo)尋優(yōu)的DDPC算法,其準(zhǔn)確度明顯高于其他的聚類算法。本文提出的DDPC-SVDD算法不僅在標(biāo)準(zhǔn)的UCI數(shù)據(jù)集上表現(xiàn)很好的分類效果,而且在樣本不均勻的Kdd Cpu 1999數(shù)據(jù)集(經(jīng)典的入侵樣本數(shù)據(jù)集)上取得滿意的結(jié)果。
[Abstract]:With the rapid development of information technology, the application of network technology is becoming more and more popular. Social communication, electronic commerce, email and other network forms of rich and convenient for human life, access to network information security has gradually become one of the most prominent social problems. Because of its unique advantages, intrusion detection method has become an indispensable technology in information security. However, the access network aggregates a large amount of data, has a large number of service types and complex content. Most of the traditional intrusion detection systems are based on rules or event detection methods, not only low precision or slow speed, but also strong dependence on rules or events. It has been unable to meet the security needs of the existing access network. In recent years, the intelligent machine learning technology and its application have been gradually improved, especially the support vector data description (SVDD),) has achieved good results in dealing with large data volume, high dimensional, nonlinear single classification problems. However, the research time of SVDD algorithm is short, the theoretical research is still in its infancy, and the distribution of target sample features in access network intrusion detection is not balanced. The prediction accuracy of access network based on SVDD is obviously biased to many classes. In order to solve the above problems, a density peak clustering algorithm (DDPC-SVDD) based on SVDD is proposed in this paper. The basic idea of this algorithm is to improve the density peak clustering algorithm (DDPC),) by combining SVDD with density peak clustering algorithm. Loose data sets are described with several compact sub-cluster interfaces. Although the traditional peak density clustering algorithm can divide some convex clusters, the empirical truncation distance (dc) may lead to the instability of clustering effect. Therefore, this paper introduces the adjusted contour coefficient (ASIL)., which is suitable for clustering with noisy data sets. By selecting different dc values to calculate ASIL to measure the clustering index, the best clustering effect under the optimal dc value can be realized. In this paper, the adaptive mutation particle swarm optimization (PSO) algorithm is used to solve the optimization problem of SVDD parameters. The DDPC-SVDD does not need to set the number of clusters k. And it can be applied to the training of intrusion detection model of access network to realize the full automatic operation process. The experimental and simulation results show that the ASIL index can accurately evaluate the clustering effect, and the accuracy of the DDPC algorithm is obviously higher than that of other clustering algorithms. The proposed DDPC-SVDD algorithm not only performs well on standard UCI datasets, but also achieves satisfactory results on Kdd Cpu 1999 datasets with uneven samples (classical intrusion data sets).
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2017
【分類號】:TP311.13;TP393.08
本文編號:2372630
[Abstract]:With the rapid development of information technology, the application of network technology is becoming more and more popular. Social communication, electronic commerce, email and other network forms of rich and convenient for human life, access to network information security has gradually become one of the most prominent social problems. Because of its unique advantages, intrusion detection method has become an indispensable technology in information security. However, the access network aggregates a large amount of data, has a large number of service types and complex content. Most of the traditional intrusion detection systems are based on rules or event detection methods, not only low precision or slow speed, but also strong dependence on rules or events. It has been unable to meet the security needs of the existing access network. In recent years, the intelligent machine learning technology and its application have been gradually improved, especially the support vector data description (SVDD),) has achieved good results in dealing with large data volume, high dimensional, nonlinear single classification problems. However, the research time of SVDD algorithm is short, the theoretical research is still in its infancy, and the distribution of target sample features in access network intrusion detection is not balanced. The prediction accuracy of access network based on SVDD is obviously biased to many classes. In order to solve the above problems, a density peak clustering algorithm (DDPC-SVDD) based on SVDD is proposed in this paper. The basic idea of this algorithm is to improve the density peak clustering algorithm (DDPC),) by combining SVDD with density peak clustering algorithm. Loose data sets are described with several compact sub-cluster interfaces. Although the traditional peak density clustering algorithm can divide some convex clusters, the empirical truncation distance (dc) may lead to the instability of clustering effect. Therefore, this paper introduces the adjusted contour coefficient (ASIL)., which is suitable for clustering with noisy data sets. By selecting different dc values to calculate ASIL to measure the clustering index, the best clustering effect under the optimal dc value can be realized. In this paper, the adaptive mutation particle swarm optimization (PSO) algorithm is used to solve the optimization problem of SVDD parameters. The DDPC-SVDD does not need to set the number of clusters k. And it can be applied to the training of intrusion detection model of access network to realize the full automatic operation process. The experimental and simulation results show that the ASIL index can accurately evaluate the clustering effect, and the accuracy of the DDPC algorithm is obviously higher than that of other clustering algorithms. The proposed DDPC-SVDD algorithm not only performs well on standard UCI datasets, but also achieves satisfactory results on Kdd Cpu 1999 datasets with uneven samples (classical intrusion data sets).
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2017
【分類號】:TP311.13;TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前3條
1 魏振偉;劉飛;;粒子群特征優(yōu)選的SVDD入侵檢測研究[J];微電子學(xué)與計(jì)算機(jī);2016年08期
2 畢方明;王為奎;陳龍;;基于空間密度的群以噪聲發(fā)現(xiàn)聚類算法研究[J];南京大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年04期
3 阮耀平,易江波,趙戰(zhàn)生;計(jì)算機(jī)系統(tǒng)入侵檢測模型與方法[J];計(jì)算機(jī)工程;1999年09期
相關(guān)碩士學(xué)位論文 前3條
1 吳同;基于深度學(xué)習(xí)的分類算法研究及應(yīng)用[D];吉林大學(xué);2016年
2 魯安妮;基于DAP-SVDD長春地區(qū)未來24小時(shí)霧霾預(yù)測模型研究[D];吉林大學(xué);2016年
3 韓夢飛;基于K-means聚類和數(shù)據(jù)一致性的WSN多邊定位算法[D];吉林大學(xué);2012年
,本文編號:2372630
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2372630.html
最近更新
教材專著
