基于稀疏向量距离的网络入侵数据检测

发布时间：2018-07-26 20:12

【摘要】：传统的网络入侵检测速度慢、实时性差,且误报率较高。为此,提出一种基于稀疏向量距离的网络入侵数据检测方法。该方法首先对所获得的网络样本数据进行初步分析,采用K-means算法对样本数据包进行量化处理得到该数据流的位置分布集,使用压缩感知的稀疏编码技术处理,得到数据的稀疏表示,然后通过随机投影获取数据集的二值哈希编码可以近似地表示稀疏向量的距离,与设定的阈值进行比较,判断该数据是否为入侵数据。根据这些稀疏向量的距离能够快速而准确地检测到入侵的网络数据。实验结果表明,相对于传统检测算法,本文算法具有速度快、实时性好、误报率低等优点,使入侵检测系统的性能得到了很大提高,充分确保了网络的安全性。
[Abstract]:Traditional network intrusion detection speed is slow, real-time is poor, and false alarm rate is high. Therefore, a network intrusion detection method based on sparse vector distance is proposed. The method firstly analyzes the data of the network sample, then quantifies the data packets with K-means algorithm to get the location distribution set of the data flow, and uses the compressed perceptual sparse coding technology to process the data packets. The sparse representation of the data is obtained, and then the binary hash coding of the data set is obtained by random projection. The distance of the sparse vector can be approximately represented by the binary hash coding, which can be compared with the set threshold to determine whether the data is intrusion data or not. Based on the distance of these sparse vectors, intrusion data can be detected quickly and accurately. The experimental results show that compared with the traditional detection algorithm, the proposed algorithm has the advantages of high speed, good real-time and low false alarm rate. The performance of the intrusion detection system is greatly improved and the security of the network is fully ensured.
【作者单位】：国网江西省电力科学研究院;华东交通大学信息工程学院;
【基金】：国家自然科学基金(41402290,61462028) 江西省科技厅工业支撑计划(20151BBE50055) 南昌市优势科技创新团队江西省研究生创新专项资金(YC2015-S254)资助
【分类号】：TP393.08

【相似文献】