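Studies on the Fuzzy C-Means Clustering Algorithm and Its Application in IDS
Published: 2018-03-14 17:51
Topic: clustering. Focus: kernel methods. Source: Nanjing University of Posts and Telecommunications, 2014 master's thesis. Document type: degree thesis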
[Abstract]: Intrusion detection, as an active-defense security technology, has become an important current research topic. Cluster analysis, as an unsupervised learning method, can detect intrusions directly on unlabeled data. Fuzzy cluster analysis reflects the uncertainty of a sample's class membership, is closer to how real-world things are classified, and improves the ability to detect unknown intrusions, so fuzzy clustering has become one of the important techniques in intrusion detection. This thesis studies and analyzes the application of the fuzzy C-means (FCM) clustering algorithm and its improved variants in intrusion detection. The main work is as follows:
1. An FCM algorithm based on initial-point optimization and membership-function optimization (DMFCM) is proposed. Instead of the original random selection of cluster centers, the method uses a density method that computes and selects cluster centers according to point density, which avoids falling into a local optimum; in addition, the membership function is optimized to reduce the influence of isolated points on the cluster centers. Experimental results show that the clustering speed and number of iterations of the DMFCM algorithm are markedly reduced, intrusion detection is somewhat faster, and the detection rate improves slightly.
2. A fuzzy kernel C-means clustering algorithm based on distance correction (KFCM_d) is proposed. Building on the original fuzzy kernel C-means clustering algorithm (KFCM), which uses the Euclidean distance, the method takes into account the variation in distance between data points and corrects the Euclidean distance. Experimental results show that the method clusters non-linearly separable data sets well, raises the intrusion detection rate, and lowers the false alarm rate.
3. A noise-class fuzzy kernel C-means clustering algorithm based on distance correction (NKFCM_d) is proposed. Taking the effect of noise into account, the method combines noise clustering with the KFCM_d algorithm, giving the algorithm good noise resistance. Experimental results show that the algorithm clusters noisy, non-linearly separable data sets well, greatly improves the intrusion detection rate, and reduces the false alarm rate.
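[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08; TP311.13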
Article ID: 1612299
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1612299.html