-  2018 

K-means based feature reduction for network anomaly detection

DOI: 10.16511/j.cnki.qhdxxb.2018.26.005

Keywords: anomaly detection, K-means, feature reduction, U2R, R2L


Abstract:

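To address the poor detection of rare attacks and the low efficiency of the basic K-means algorithm on the KDD 99 dataset, this paper statistically analyzes the correlation between each dimension of the dataset and each attack type, and finds that rare attacks are easily swamped by the large volume of common attacks, whereas once the common attacks are removed, these more threatening rare attacks can be identified much better. Based on this, the paper proposes an improved detection algorithm based on hierarchical K-means iteration, which reduces the data dimensionality of K-means clustering through targeted feature selection; repeated K-means clustering iterations with attribute reduction can detect attacks of different anomaly types more accurately. Experimental results on the KDD 99 dataset show that the algorithm achieves a detection rate of nearly 99% for the rare attack types U2R/R2L, which the basic K-means detection algorithm has difficulty detecting. In addition, as the clustering dimensionality falls by nearly 50% with each hierarchical iteration, about 90% of the anomaly detection time is further saved.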
Although the basic K-means test has been used for anomaly detection on the KDD 99 attack dataset, its accuracy and efficiency in detecting rare attacks need to be improved. Rare attacks, which are usually greater threats, are easily hidden by common threats, so the rare attacks can be more easily identified by removing common attacks. Based on this finding, an improved hierarchical iterative K-means method was developed to detect all kinds of anomalies, using feature reduction through correlations to decrease the classification dimensions. The algorithm is able to detect almost every rare attack with a 99% successful classification rate, and achieves nearly real-time detection with 90% less computation on the KDD 99 data compared with the basic K-means algorithm.
