Method of anomaly detection based on fusion principal components match
【Abstract】 To cope with the growing scale of data storage, an anomaly detection method based on fusion principal components match (FPCM) is presented. First, the data at each sub-node are clustered to remove isolated points, which improves the stability of the principal component analysis. The cluster centers of each sub-node are then transmitted to a center node, which reduces the volume of data communicated between nodes and achieves the data fusion needed to compute the principal components. The normal behavior model built from the principal component transformation matrix of the cluster centers reflects the characteristics of the overall data. Finally, a decision tree method is used to speed up matching. Experimental results show that the FPCM method maintains a high DoS detection rate and keeps the false positive rate below 10% while achieving an overall detection rate of 97%. Comparison with existing methods shows that the method allows data held in distributed storage to reach the detection level obtained when the data are stored centrally.
【Key words】 computer system organization; intrusion detection; principal component analysis; clustering; decision trees
- 【Source】 Journal of Jilin University (Engineering and Technology Edition), 2009, Issue 05
- 【Classification No.】 TP393.08
- 【Times cited】 2
- 【Downloads】 125