一种改进的K-means算法在网络入侵检测中的应用研究

发布时间：2018-08-29 20:13

【摘要】：随着计算机和网络技术的进步与发展,网络数据量呈现指数型增长,想要直观的发现真正有价值的数据并不容易,很多对我们有用的数据往往都隐藏在庞大的数据量中,数据挖掘技术随着大数据时代的到来应运而生。数据挖掘技术是人们为了发掘数据的潜在价值和有用信息而出现的一门新兴技术学科,其核心作用是充分利用数据价值,为人们的决策分析提供科学合理的依据。聚类分析是数据挖掘中的重要分支,其原理是根据数据的相似性将数据分配到有差异的类中。聚类分析的应用广泛,为机器学习、人工智能、医学、网络安全等领域提供了重要的技术支持。基于划分的聚类是聚类算法中较为常见的算法,由于其简单高效的特点得到了各领域广泛应用。其中,较为常见的是K-means聚类算法,其实现原理简单,而且算法效率较高。但是由于K-means算法易受限于初始聚类中心,其应用也受到了很多限制。本文给出了优化K-means初始聚类中心的方法,并应用此改进算法构建网络入侵检测模型。其关键之处为:(1)K-means算法的较优初始聚类中心应该选取数据集中距离较远的数据对象或者靠近类中心的数据对象。基于密度的思想,将数据集中数据分布较为密集的对象筛选出来作为高密度对象,从高密度对象中取出距离相差尽可能大的k个对象并以这些对象为依据划分初始类。然后使用粒子群算法在每个类中迭代寻优,直到最大迭代次数输出k个全局最优点作为K-means的初始聚类中心。在多个数据集上对此优化算法的有效性进行验证,结果表明此优化方法的聚类效果较原始K-means算法更优。(2)根据初始聚类中心优化方法改进K-means算法,将此方法应用于网络入侵数据的检测中,建立一种基于聚类的网络入侵检测模型,该模型包含了入侵数据收集和预处理、聚类、类标记、差异分析等模块。应用此模型对常用的网络入侵数据集进行实验检测分析,检测结果表明该入侵检测模型比基于K-means算法的检测方法具有更好的入侵检测效果。
[Abstract]:With the progress and development of computer and network technology, the amount of network data is increasing exponentially. It is not easy to find the truly valuable data directly. Many of the useful data are hidden in the huge amount of data. Data mining technology with the arrival of big data era came into being. Data mining technology is a new technology subject that people appear in order to discover the potential value and useful information of data. Its core function is to make full use of data value and to provide scientific and reasonable basis for people's decision analysis. Clustering analysis is an important branch of data mining. Its principle is to assign data to different classes according to the similarity of data. Clustering analysis is widely used, which provides important technical support for machine learning, artificial intelligence, medicine, network security and other fields. Partition-based clustering is a common algorithm in clustering algorithms and has been widely used in various fields because of its simple and efficient characteristics. Among them, the K-means clustering algorithm is more common, its principle is simple, and the efficiency of the algorithm is high. However, because K-means algorithm is easy to be limited by the initial clustering center, its application is also limited. In this paper, the method of optimizing the initial clustering center of K-means is presented, and the network intrusion detection model is constructed by using this improved algorithm. The key points are as follows: (1) the optimal initial clustering center of K-means algorithm should select the data object which is far away from the dataset or the data object near the class center. Based on the idea of density, the objects with dense data distribution in the data set are filtered out as high density objects, and k objects with the maximum distance difference are extracted from the objects and the initial classes are divided according to these objects. Then the particle swarm optimization algorithm is used to iterate the optimization in each class until the maximum number of iterations outputs k global optimal points as the initial clustering center of K-means. The validity of the optimization algorithm is verified on multiple datasets. The results show that the clustering effect of this optimization method is better than that of the original K-means algorithm. (2) the K-means algorithm is improved according to the initial clustering center optimization method. This method is applied to the detection of network intrusion data, and a network intrusion detection model based on clustering is established. The model includes intrusion data collection and preprocessing, clustering, clustering marking, difference analysis and so on. The model is used to detect and analyze the commonly used network intrusion data sets. The detection results show that the intrusion detection model has better detection effect than the detection method based on K-means algorithm.
【学位授予单位】：合肥工业大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08;TP311.13

【相似文献】