作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2011, Vol. 37 ›› Issue (6): 127-129. doi: 10.3969/j.issn.1000-3428.2011.06.044

• 安全技术 • 上一篇    下一篇

改进的蚂蚁聚类入侵检测方法

舒远仲,吴文俊,陈忠贵   

  1. (南昌航空大学信息工程学院,南昌 330063)
  • 出版日期:2011-03-20 发布日期:2011-03-29
  • 作者简介:舒远仲(1965-),男,教授,主研方向:信息安全,互联网技术;吴文俊,硕士;陈忠贵,工程师、硕士
  • 基金资助:
    江西省工业支撑计划基金资助项目(20081B01016)

Improved Ant Clustering Intrusion Detection Method

SHU Yuan-zhong, WU Wen-jun, CHEN Zhong-gui   

  1. (School of Information Engineering, Nanchang Hangkong University, Nanchang 330063, China)
  • Online:2011-03-20 Published:2011-03-29

摘要: 在现有的自适应蚂蚁聚类算法中,自适应参数的调整往往凭经验取值,从而影响聚类质量。针对该问题,提出一种利用快速模拟退火算法实现蚂蚁聚类自适应参数动态调整的改进方法。基于该算法构建的入侵检测系统无需预先指定簇的数目,也不要求满足正常行为的数目远大于入侵行为的数目等条件。对KDD CUP1999数据集的仿真实验结果表明,该算法可以得到较理想的聚类,对未知入侵有较好的检测效果。

关键词: 入侵检测, 蚂蚁聚类, 蚂蚁运动模型, 模拟退火

Abstract: In present adaptive ant clustering algorithms, the values of adaptive parameters are adjusted by experience, which affects clustering quality. To solve the problem, this paper proposes an improved method by using fast Simulated Annealing Algorithm(SAA) to realize dynamic adjustment of ant clustering adaptive parameters. An intrusion detection system based on the algorithm does not require pre-specification of the number of clusters, or that the number of normal behaviors is far greater than the number of intrusions. Simulation results on KDD CUP1999 dataset show that the algorithm can get better clusters, and has better detection effects on unknown intrusions.

Key words: intrusion detection, ant clustering, Ant Movement(AM) model, simulated annealing

中图分类号: