【摘要】 针对数据存储规模的扩大,提出了一种基于融合主成分匹配FPCM(fusion principal components match)的异常检测方法。首先将各子节点数据通过聚类去除孤立点以提高主成分分析的稳定性,将各子节点的聚类中心传送到中心节点,减少节点间传送数据的通信量并且实现求主成分的数据融合;用聚类中心的主成分转换矩阵建立的正常行为模型能够体现整体的数据特征;最后使用决策树方法提高匹配速度。实验结果表明,FPCM方法能保持较高的DOS检测率,在保证整体检测率为97%的同时将误报率控制在10%以下。通过与已有方法比较表明,该方法能使分布式存储的数据在检测结果上达到数据集中存储的检测水平。更多还原

【Abstract】 According to the expansion of data storage,a method of anomaly detection based on Fusion Principal Component Match(FPCM) is presented.First,the isolated points in the sub-node data are removed and the stability of the principal component analysis is enhanced by clustering.Then the clustering center is transmitted to a center node,which can reduce the traffic of data between nodes and achieve the fusion principal components.The normal behavior model established by the conversion matrix of the principal component cluster centers can embody the characteristics of the overall data.Finally,the decision tree method is used to accelerate the matching speed.Experiment results show that the FPCM method can maintain a high detection rate of DOS,an overall detection rate of 97% is obtained;meanwhile,the false positives is controlled below 10%.The detection rate of this method is equal to that of the existing methods.更多还原