期刊论文

中文

小型微型计算机系统

1000-1220

2005

26

6

1042-1045

10.3969/j.issn.1000-1220.2005.06.038

国家自然科学基金

本校为其他机构

提出了一种新的距离定义和基于聚类的有指导的入侵检测方法CBSID(Clustering-based and Supervised Interusion Detection)．该方法在带标记的训练集上进行聚类．以聚类结果作为分类模型对未见数据进行分类．该方法对于参数和数据输入顺序具有稳健性．可增量更新分类模型．不同于一般的有指导的入侵检测方法．该方法对未知入侵有一定的检测能力．在KDDCUP99数据集上的测试结果表明，CBSID有理想的性能(高的检测率和低的误报率)．

A clustering-based and supervised intrusion detection method, named CBSID (Clustering-based and Supervised Interu-sion Detection) with new distance defination is proposed in this paper. CBSID clusters training data by the label and the results of clustering are used as classification model to predict which cluster the current data belongs to. The method is robust to the cluster parameter and the input sequence of data. The classifiaction model may be incremental updated. Compared with the most existing supervised intrusion detection methods, this method can detect unknown intrusions. The exper...