Journal of Shandong University (Engineering Science) ›› 2018, Vol. 48 ›› Issue (3): 115-119. doi: 10.6040/j.issn.1672-3961.0.2017.428

A hybrid intrusion detection system based on BFOA and K-means algorithm

XIAO Miaomiao1,2, WEI Benzheng1,2*, YIN Yilong3

  1. College of Science and Technology, Shandong University of Traditional Chinese Medicine, Jinan 250355, Shandong, China;
  2. Computational Medicine Lab, Shandong University of Traditional Chinese Medicine, Jinan 250355, Shandong, China;
  3. School of Software Engineering, Shandong University, Jinan 250101, Shandong, China
  • Received: 2017-05-05 Online: 2018-06-20 Published: 2017-05-05
  • Corresponding author: WEI Benzheng (born 1976), male, from Linyi, Shandong; professor, Ph.D.; main research interests: medical information engineering and computational intelligence. E-mail: wbz99@sina.com E-mail: forwardalamiao@sina.com
  • About the author: XIAO Miaomiao (born 1991), female, from Jinan, Shandong; master's student; main research interests: machine learning and network security. E-mail: forwardalamiao@sina.com
  • Funding: National Natural Science Foundation of China (U1201258, 61572300); Shandong Provincial Natural Science Foundation (ZR2015FM010); Shandong Province Higher Educational Science and Technology Program (J15LN20); Shandong Provincial Medical and Health Science and Technology Development Program (2016WS0577); Shandong Provincial Traditional Chinese Medicine Science and Technology Development Program (2015-026)

Abstract: The K-means algorithm was sensitive to the selection of the initial clustering centers and the number of clusters K, which led to unstable clustering results and had a significant impact on the detection results of an intrusion detection system (IDS). To solve this problem, a hybrid intrusion detection algorithm (HIDS) based on the bacterial foraging optimization algorithm (BFOA) and K-means was proposed. HIDS first determined the value of K dynamically with a distance threshold method, and then used BFOA to optimize the initial cluster centers so that they were globally optimal. This solved the instability of the K-means clustering results and in turn improved the accuracy of intrusion detection. To verify the effectiveness of the algorithm and test its performance, HIDS was tested on the KDD99 dataset, where the detection rate reached 98.33%. The experimental results showed that the method could effectively improve the detection rate and reduce the false detection rate.

Key words: intrusion detection, bacterial foraging optimization algorithm, HIDS, K-means algorithm, detection rate

CLC number: TP391
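The pipeline the abstract outlines (K from a distance threshold, BFOA-tuned initial centers, then K-means), as an added sketch that is not the authors' code. It assumes a chemotaxis-only BFOA (no reproduction or elimination-dispersal), a hypothetical threshold of 3.0, and constructed 2-D points in place of KDD99 features; all function names are illustrative.

```python
import math, random

def sse(points, centers):
    """Sum of squared distances from each point to its nearest center."""
    return sum(min(math.dist(p, c) ** 2 for c in centers) for p in points)

def choose_k(points, threshold):
    """A point farther than `threshold` from every seed opens a new cluster."""
    seeds = [points[0]]
    for p in points[1:]:
        if min(math.dist(p, s) for s in seeds) > threshold:
            seeds.append(p)
    return seeds  # K is len(seeds)

def bfoa_centers(points, seeds, rng, bacteria=8, steps=30, step_size=0.3, swim=4):
    """Each bacterium is a set of K centers; it tumbles, then swims while SSE drops."""
    best, best_cost = seeds, sse(points, seeds)
    for _ in range(bacteria):
        pos = [tuple(x + rng.gauss(0, 1) for x in c) for c in seeds]
        cost = sse(points, pos)
        for _ in range(steps):
            d = [[rng.uniform(-1, 1) for _ in c] for c in pos]  # tumble direction
            for _ in range(swim):
                new = [tuple(x + step_size * dx for x, dx in zip(c, dc))
                       for c, dc in zip(pos, d)]
                new_cost = sse(points, new)
                if new_cost >= cost:
                    break  # no improvement: stop swimming, tumble again
                pos, cost = new, new_cost
        if cost < best_cost:
            best, best_cost = pos, cost
    return best

def kmeans(points, centers, iters=20):
    """Plain Lloyd iterations from the given initial centers."""
    for _ in range(iters):
        groups = [[] for _ in centers]
        for p in points:
            groups[min(range(len(centers)), key=lambda i: math.dist(p, centers[i]))].append(p)
        centers = [tuple(sum(v) / len(g) for v in zip(*g)) if g else c
                   for g, c in zip(groups, centers)]
    return centers

def demo(seed=7):
    rng = random.Random(seed)
    # Constructed sample: three Gaussian blobs standing in for scaled features.
    pts = [(cx + rng.gauss(0, 0.4), cy + rng.gauss(0, 0.4))
           for cx, cy in [(0, 0), (6, 0), (3, 6)] for _ in range(40)]
    seeds = choose_k(pts, 3.0)
    tuned = bfoa_centers(pts, seeds, rng)
    return len(seeds), sse(pts, seeds), sse(pts, tuned), sse(pts, kmeans(pts, tuned))
```

`demo()` returns K and the clustering error at each stage: threshold seeds, BFOA-tuned centers, and the final K-means result.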