Unsupervised anomaly detection method and system based on improved CURE clustering algorithm

A clustering algorithm and anomaly detection technology, applied in transmission systems, calculations, computer components, etc., can solve problems such as models not being updated, unsatisfactory normal behavior models, and time-consuming problems, and achieve rapid and accurate judgments

Inactive Publication Date: 2009-10-21
HOHAI UNIV
View PDF3 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, some of the clustering algorithms used in these unsupervised anomaly detection methods cannot cluster clusters of arbitrary shapes, resulting in an unsatisfactory normal behavior model, which affects the detection effect
Although density-based clustering algorithms and n

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Unsupervised anomaly detection method and system based on improved CURE clustering algorithm
  • Unsupervised anomaly detection method and system based on improved CURE clustering algorithm
  • Unsupervised anomaly detection method and system based on improved CURE clustering algorithm

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0026] like Figure 1-Figure 4 As shown, the unsupervised anomaly detection method based on the improved CURE clustering algorithm of the present invention comprises the steps:

[0027] A: Cluster the training set through the improved CURE clustering algorithm, classify abnormal behavior data and normal behavior data, and generate clusters;

[0028] B: Label the clusters according to the percentage of normal data estimated in advance in the entire dataset;

[0029] C: Modeling is performed according to clusters marked as normal behavior, and its modeling algorithm is a hyperrectangle-based modeling algorithm;

[0030] D: Compare the data to be detected with the normal behavior model to determine whether it is abnormal data.

[0031] The anomaly detection system according to the present invention includes a data formatting module, a clustering module, a classification module, a model generation module, and a detection module.

[0032] The data formatting module generates for...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an unsupervised anomaly detection method and a system based on improved CURE clustering algorithm. The detection method comprises the following steps: clustering is carried on training sets and data of abnormal behavior and normal behavior are classified; the classified data are marked; modeling is carried out according to data marked as normal behavior, while modeling algorithm is based on hyperrectangle; data to be detectd are compared with model of normal behavior to judge weather the data to be detected are abnormal data or not. The detection system comprises a data formatting module, a clustering module, a standard class module, a model generating module and a detection module. The detection method is suitable to detect data with relatedness not being strong among dimensions.

Description

Technical field: [0001] The invention relates to an anomaly detection technology, in particular to an unsupervised anomaly detection method based on an improved CURE clustering algorithm and a system based on the method, belonging to the technical field of computer data security. Background technique: [0002] In recent years, with the continuous development of computer technology and the continuous expansion of network scale, intrusions have become more and more serious threats to the security of computer systems and networks. Intrusion is a deliberate attempt to access information without authorization, to alter information, and to render a system unreliable or unusable. As the methods of intrusion become more and more diversified and the means are more and more advanced, traditional static security technologies such as firewalls and data encryption technologies can no longer meet the security requirements of systems and networks. [0003] As an important dynamic security...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06K9/62H04L29/06
Inventor 李继国徐晨
Owner HOHAI UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap