
Computer Engineering ›› 2011, Vol. 37 ›› Issue (18): 240-242. doi: 10.3969/j.issn.1000-3428.2011.18.080

• Engineering Application Technology and Implementation •

Application of Density-based Outlier Mining in Intrusion Detection

YAN Shao-hua, ZHANG Wei, TENG Shao-hua

  1. (Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China)
  • Received: 2011-03-09 Online: 2011-09-20 Published: 2011-09-20
  • About the authors: YAN Shao-hua (born 1986), male, master's student, research interests: data mining and network security; ZHANG Wei, associate professor, M.S.; TENG Shao-hua, professor, Ph.D.
  • Funding:

    Natural Science Foundation of Guangdong Province (06021484, 9151009001000007); Science and Technology Planning Project of Guangdong Province (2008A060201011)

Abstract: A density-based local outlier mining method is presented. Experiments use the KDD99 dataset, with features extracted from the dataset's 41 attributes. Density-based clustering is applied to the statistically preprocessed dataset as a pruning step: it removes most of the densely clustered data objects and retains the objects that were not pruned as the candidate outlier set. A local outlier mining method then computes the Local Outlier Factor (LOF) of each candidate object to detect anomalous attacks. Experimental results show that the method can ensure a relatively high detection rate and a relatively low false alarm rate.

Key words: intrusion detection, anomaly detection, outlier mining, density-based
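
The two-stage pipeline the abstract describes (density-based pruning, then LOF scoring of the surviving candidates), as an added example that is not the authors' code. The abstract gives no clustering details or parameters, so the DBSCAN-style core-point test, `eps`, `min_pts`, `k`, the threshold and the constructed two-feature sample records are all assumptions.

```python
import math

def knn(points, i, k):
    """(distance, index) of the k nearest neighbours of points[i]."""
    return sorted((math.dist(points[i], q), j)
                  for j, q in enumerate(points) if j != i)[:k]

def prune_dense(points, eps, min_pts):
    """Stage 1 (assumed DBSCAN-style core test): drop every point that has at
    least min_pts other points within eps; return indices of the survivors."""
    return [i for i, p in enumerate(points)
            if sum(math.dist(p, q) <= eps
                   for j, q in enumerate(points) if j != i) < min_pts]

def lrd(points, i, k):
    """Local reachability density; neighbours come from the full dataset."""
    reach = sum(max(knn(points, o, k)[-1][0], d) for d, o in knn(points, i, k))
    return k / max(reach, 1e-12)  # guard: duplicate records give reach == 0

def lof(points, i, k):
    """Stage 2: Local Outlier Factor of points[i] (ties beyond k are ignored)."""
    neighbours = knn(points, i, k)
    return sum(lrd(points, o, k) for _, o in neighbours) / (k * lrd(points, i, k))

def detect(points, eps, min_pts, k, threshold):
    """Indices of pruning survivors whose LOF exceeds the threshold."""
    return [i for i in prune_dense(points, eps, min_pts)
            if lof(points, i, k) > threshold]

# Constructed sample: 16 dense "normal" records, one sparse record next to
# the cluster, and one isolated record. Two hypothetical normalized features.
POINTS = [(x * 0.1, y * 0.1) for x in range(4) for y in range(4)]
POINTS += [(0.45, 0.15), (3.0, 3.0)]

if __name__ == "__main__":
    for i in prune_dense(POINTS, eps=0.15, min_pts=3):
        print(i, POINTS[i], round(lof(POINTS, i, k=3), 2))
    print("flagged:", detect(POINTS, 0.15, 3, 3, threshold=2.0))
```

Pruning leaves two candidates, but only the isolated record is flagged: the record beside the cluster survives stage 1 yet has a LOF close to 1, which is why the LOF stage keeps the false alarm rate down.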
