Semi-supervised anomaly intrusion detection method

An intrusion detection and semi-supervisory technology, applied in the field of network security, can solve the problems of low false alarm rate, high false alarm rate, and inability to effectively detect unknown intrusion behaviors, so as to reduce false alarm rate, improve detection rate, and high The effect of detection rate

Inactive Publication Date: 2011-02-23
XIDIAN UNIV
View PDF1 Cites 46 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The traditional intrusion detection method is based on supervised learning. Although the detection rate is high and the false alarm rate is low, it cannot effectively detect unknown intrusion behaviors.
Therefore, the unsupervised learning method is applied to intrusion detection. The cluster-based intrusion detection method can detect unknown intrusion behavior without marking network data, so the detection rate of this detection method is high. Mislabeling as a normal class will cause this type of intrusion behavior and its variants to be regarded as normal data, so the false alarm rate is also high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Semi-supervised anomaly intrusion detection method
  • Semi-supervised anomaly intrusion detection method
  • Semi-supervised anomaly intrusion detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] refer to figure 1 , the specific implementation steps of the present invention are as follows:

[0024] Step 1. Select an initial labeled sample set and an initial unlabeled sample set.

[0025] When performing intrusion detection, the detection data corresponding to normal behavior is defined as normal data, the detection data corresponding to various intrusion behaviors is defined as abnormal data, and part of the normal data in the training data is extracted as the initial labeled sample set {x i}, taking the detection data as the initial unlabeled sample set {x j}.

[0026] Step 2, initialize the cluster centers of the detection data.

[0027] Implement the fuzzy C-means algorithm on the current marked and unmarked samples, and repeat the following operation steps until the membership value of the marked and unmarked samples is stable:

[0028] (2a) Calculate membership degree:

[0029] u ck = ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a fuzzy clustering and support vector domain description-based (SVDD) semi-supervised anomaly intrusion detection method, which is mainly used for solving the problems of low intrusion detection data detection rate and high false alarm rate in the prior art. The method comprises the following steps of: (1) initializing a labeled sample set and an unlabeled sample set; (2) initializing a clustering center; (3) carrying out fuzzy C-mean clustering; (4) updating the labeled sample set and the unlabeled sample set according to a clustering result; (5) carrying out SVDD-based self-training; (6) updating the labeled sample set and the unlabeled sample set according to a self-training result; (7) carrying out SVVD-based classification; and (8) evaluating and outputting anintrusion detection result. The method improves the detection rate and reduces the false alarm rate at the same time, and can be used for a real-time intrusion detection system in which training dataonly contains less normal data.

Description

technical field [0001] The invention belongs to the technical field of network security and relates to an intrusion detection method, specifically a semi-supervised abnormal intrusion detection method based on fuzzy clustering and support vector domain description, which can be used for data detection in a network environment. Background technique [0002] With the rapid development of global information technology, the network has been widely used in various fields of social life, and the accompanying network information security problems are also increasing. Traditional network security technologies that have been widely used include data encryption technology, authentication technology, firewall technology and intrusion detection system. Among them, the intrusion detection system has become a research hotspot in the field of network security because of its strong detection, wide range of applications, and timely response. [0003] According to different sources of detect...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26
Inventor 王爽焦李成冯吭雨钟桦侯彪缑水平马文萍张青
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap