作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2012, Vol. 38 ›› Issue (17): 129-132. doi: 10.3969/j.issn.1000-3428.2012.17.036

• 安全技术 • 上一篇    下一篇

基于免疫优势多克隆网络的异常检测

白 琳,潘晓英   

  1. (西安邮电大学计算机学院,西安 710121)
  • 收稿日期:2011-08-22 修回日期:2011-12-12 出版日期:2012-09-05 发布日期:2012-09-03
  • 作者简介:白 琳(1980-),女,讲师、硕士,主研方向:入侵检测技术,智能信息处理;潘晓英,副教授、博士
  • 基金资助:
    国家自然科学基金资助项目(61105064);陕西省教育厅科研基金资助项目(2010JK837);陕西省自然科学基金资助项目(2011JM8007)

Abnormal Detection Based on Immunodominance Polyclonal Network

BAI Lin, PAN Xiao-ying   

  1. (School of Computer Science & Technology, Xi’an University of Posts & Telecommunications, Xi’an 710121, China)
  • Received:2011-08-22 Revised:2011-12-12 Online:2012-09-05 Published:2012-09-03

摘要: 为实现无监督异常检测,提出一种用于网络数据训练学习的免疫优势多克隆网络聚类算法。根据抗体抗原亲合度,通过免疫优势、克隆、交叉、非一致变异、禁忌克隆和克隆死亡等人工免疫系统算子,实现抗体网络的进化学习和自适应调节。以一个小规模的网络映射原始数据集的内在结构,利用基于凝聚的层次聚类方法对网络结构进行分析,从而获得描述正常和异常行为的数据特征。仿真结果表明,该算法适用于大规模、无标识数据的异常检测,并能检测出未知攻击。

关键词: 异常检测, 免疫优势, 多克隆网络, 交叉算子, 非一致变异, 禁忌克隆

Abstract: A polyclonal network clustering algorithm for training the network data is employed to build a unsupervised abnormal detection system. It is directed by the affinity function between antibody and antigen. Some artificial immune system operators are used in the method including immunodominance, clone, cross, non-uniform mutation and forbidden clone. A small-size, self-adaptive and self-learning network is evolved in the method to reflect the distribution of original data. A traditional hierarchical agglomerative clustering algorithm is employed to perform clustering analysis and obtain the classification of normal and abnormal data. Simulation results show that the algorithm can deal with massive unlabeled data to detect anomaly and even can detect unknown attacks.

Key words: abnormal detection, immunodominance, polyclonal network, cross operator, non-uniform mutation, forbidden clone

中图分类号: