Abstract:
This paper proposes a two-phase intrusion detection algorithm in mixed attributes data stream——KDDCUP99-10% network intrusion data set. The algorithm gains the statistical information in data stream by the incremental clustering. Weighted fuzzy clustering is done based on the statistical information according to proposed weighted fuzzy cluster feature. The number of clusters for fuzzy clustering can change dynamically. Theoretical analysis and experimental results show the algorithm can detect the intrusion behaviors effectively.
Key words:
mixed attributes,
fuzzy clustering,
data stream,
intrusion detection
摘要:
以KDDCUP99-10%网络入侵数据集作为数据流,提出一种混合属性数据流的两阶段入侵检测算法。通过增量聚类提取数据流的代表信息,根据提出的加权模糊簇特征对增量聚类结果做模糊聚类,簇数可动态改变。理论分析和实验结果表明,该算法可以有效检测数据流入侵。
关键词:
混合属性,
模糊聚类,
数据流,
入侵检测
CLC Number:
SU Xiao-Ke, LAN , XIANG , QIN Yu-Meng, MO Ren-Xia-1, CHENG Yao-Dong. Two-phase Intrusion Detection Algorithm in Mixed Attributes Data Stream[J]. Computer Engineering, 2010, 36(18): 19-20.
苏晓珂, 兰, 洋, 秦玉明, 万仁霞1, 程耀东. 混合属性数据流的两阶段入侵检测算法[J]. 计算机工程, 2010, 36(18): 19-20.