基于SSC-tree流聚类的入侵检测算法

doi:10.3969/j.issn.1001-506X.2012.03.36

Journal of Systems Engineering and Electronics ›› 2012, Vol. 34 ›› Issue (3): 625-630.doi: 10.3969/j.issn.1001-506X.2012.03.36

基于SSC-tree流聚类的入侵检测算法

程春玲^1,2,3，余志虎¹，张登银^1,3，徐小龙^1,2

1. 南京邮电大学计算机学院，江苏南京 210003；
2. 江苏省无线传感网高技术研究重点实验室，江苏南京 210003;
3. 宽带无线通信与传感网技术教育部重点实验室，江苏南京 210003

出版日期:2012-03-22 发布日期:2010-01-03

Intrusion detection algorithm based on SSC-tree stream clustering

CHENG Chun-ling^1,2,3, YU Zhi-hu¹, ZHANG Deng-yin^1,3, XU Xiao-long^1,2

1. College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003, China;
2. Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China;
3. Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications), Ministry of Education Jiangsu Province, Nanjing 210003, China

Online:2012-03-22 Published:2010-01-03

摘要/Abstract

摘要：

由于数据流具有快速、无限、突发等特性，实现高速网络下的实时入侵检测已成为一个难题。设计一种维持数据流概要特征的相似搜索聚类树(similarity search cluster-tree, SSC-tree)结构，在此基础上提出一种基于SSC-tree的流聚类算法用于高速网络的入侵检测。为适应高速、突发到达的数据流，算法采用了链式缓存、捎带处理和局部聚类策略。SSC-tree中的链式缓存区用于临时存放数据流突发时算法不能及时处理的数据对象，缓冲区中的内容随后被捎带处理。在高速数据流未插入SSC-tree参与全局聚类之前，利用局部聚类产生微簇来适应高速流的到达。实验结果表明，该算法具有良好的适用性，能够在高速网络环境下产生较好的聚类精度，有效实现高速网络环境下的入侵检测。

Abstract:

As data streams show the fast, unlimited and bursting characteristics, real-time intrusion detection in high-speed networks becomes a problem. A similarity search cluster-tree (SSC-tree) is designed to maintain the summary feature of data streams and a clustering algorithm based on the SSC-tree is proposed to detect intrusion in highspeed networks. In order to process high speed and bursting streams in time, chaining buffer, piggyback and local cluster mechanisms are used. The chaining buffer in SSC-tree is used to store temporary data stream objects which are piggybacked later to solve the problem that high-speed streams cannot be clustered in time when the bursting data streams arrive. Besides, in order to meet the arrival of high-speed stream, the algorithm introduces a local cluster mechanism, which is the process of preclustering to produce local micro-clusters before data stream objects are inserted in the SSC-tree. The experiment results show that the proposed algorithm has good applicability and high clustering accuracy in high-speed networks. It can detect the intrusion in high-speed networks effectively.

中图分类号:

TP 393

程春玲, 余志虎, 张登银, 徐小龙. 基于SSC-tree流聚类的入侵检测算法[J]. Journal of Systems Engineering and Electronics, 2012, 34(3): 625-630.

CHENG Chun-ling, YU Zhi-hu, ZHANG Deng-yin, XU Xiao-long. Intrusion detection algorithm based on SSC-tree stream clustering[J]. Journal of Systems Engineering and Electronics, 2012, 34(3): 625-630.

[1]	李传伟,常关羽,侯维苇,丛万生,慕德俊. 面向多媒体业务的MANET多尺度稳定链路模型[J]. Journal of Systems Engineering and Electronics, 2012, 34(12): 2574-2578.
[2]	黄家玮, 王建新, 叶进. 保证TCP上下行时间公平的ECN标记算法[J]. Journal of Systems Engineering and Electronics, 2011, 33(2): 411-415.
[3]	熊海涛, 刘鲁, 张继春, 施慧斌. 装备保障中基于信任和预测的访问控制模型[J]. Journal of Systems Engineering and Electronics, 2011, 33(2): 315-319.

基于SSC-tree流聚类的入侵检测算法

Intrusion detection algorithm based on SSC-tree stream clustering

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

本文评价