基于SVDD的密度峰值聚类算法及其接入网入侵检测研究

发布时间：2018-12-11 13:26

【摘要】：随着信息技术快速发展,网络技术应用越来越普及,宽带接入网进入了信息化高速发展阶段。社交通讯、电子商务和电子邮件等网络形式的应用丰富便利了人类生活的同时,接入网络信息安全也逐渐成为当今社会最突出的问题之一。入侵检测方法由于其独特优势,已经成为信息安全中不可缺失的技术手段。然而,接入网络汇集点数据量大、业务类型多且内容复杂,传统入侵检测系统大多基于规则或事件检测方式,不仅精度低或速度慢,对规则或事件的依赖性强,已经无法满足现有接入网络安全的需求。近年,智能机器学习技术及其应用逐渐完善,尤其是支持向量数据描述(SVDD),在处理大数据量、高维度、非线性的单分类问题上取得较好效果。然而,SVDD算法的研究时间短,理论研究还处于起步阶段,且接入网入侵检测的目标样本特征分布不均衡,基于SVDD入侵检测接入网存在预测准确度明显偏向多类的不足。针对上述问题,本文提出了一种基于SVDD的密度峰值聚类算法(DDPC-SVDD),该算法基本思想是通过SVDD结合改进密度峰值聚类算法(DDPC),将松散的数据集用若干个紧凑的子簇分界面来进行数据描述。虽然传统的密度峰值聚类算法可划分出若干凸型类簇,但是经验选取截断距离(dc)值可能导致聚类效果不稳定。因此,本文引入适应于带噪点数据集的聚类衡量指标——调整的轮廓系数(ASIL)。通过选取不同dc值计算ASIL以衡量聚类指标,实现最优dc值下最佳聚类效果。聚类后的各子簇再经过SVDD生成相应的分类器,本文采用自适应变异粒子群算法(PSO)解决SVDD参数寻优问题。DDPC-SVDD无需事先设定聚类个数k值,且应用到接入网入侵检测模型训练中可实现全自动化操作过程。通过实验及仿真研究表明:本文提出ASIL指标能够准确评价聚类效果,并且采用该指标指导寻优的DDPC算法,其准确度明显高于其他的聚类算法。本文提出的DDPC-SVDD算法不仅在标准的UCI数据集上表现很好的分类效果,而且在样本不均匀的Kdd Cpu 1999数据集(经典的入侵样本数据集)上取得满意的结果。
[Abstract]:With the rapid development of information technology, the application of network technology is becoming more and more popular. Social communication, electronic commerce, email and other network forms of rich and convenient for human life, access to network information security has gradually become one of the most prominent social problems. Because of its unique advantages, intrusion detection method has become an indispensable technology in information security. However, the access network aggregates a large amount of data, has a large number of service types and complex content. Most of the traditional intrusion detection systems are based on rules or event detection methods, not only low precision or slow speed, but also strong dependence on rules or events. It has been unable to meet the security needs of the existing access network. In recent years, the intelligent machine learning technology and its application have been gradually improved, especially the support vector data description (SVDD),) has achieved good results in dealing with large data volume, high dimensional, nonlinear single classification problems. However, the research time of SVDD algorithm is short, the theoretical research is still in its infancy, and the distribution of target sample features in access network intrusion detection is not balanced. The prediction accuracy of access network based on SVDD is obviously biased to many classes. In order to solve the above problems, a density peak clustering algorithm (DDPC-SVDD) based on SVDD is proposed in this paper. The basic idea of this algorithm is to improve the density peak clustering algorithm (DDPC),) by combining SVDD with density peak clustering algorithm. Loose data sets are described with several compact sub-cluster interfaces. Although the traditional peak density clustering algorithm can divide some convex clusters, the empirical truncation distance (dc) may lead to the instability of clustering effect. Therefore, this paper introduces the adjusted contour coefficient (ASIL)., which is suitable for clustering with noisy data sets. By selecting different dc values to calculate ASIL to measure the clustering index, the best clustering effect under the optimal dc value can be realized. In this paper, the adaptive mutation particle swarm optimization (PSO) algorithm is used to solve the optimization problem of SVDD parameters. The DDPC-SVDD does not need to set the number of clusters k. And it can be applied to the training of intrusion detection model of access network to realize the full automatic operation process. The experimental and simulation results show that the ASIL index can accurately evaluate the clustering effect, and the accuracy of the DDPC algorithm is obviously higher than that of other clustering algorithms. The proposed DDPC-SVDD algorithm not only performs well on standard UCI datasets, but also achieves satisfactory results on Kdd Cpu 1999 datasets with uneven samples (classical intrusion data sets).
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP311.13;TP393.08

【参考文献】