随着网络复杂度的增加,传统的入侵检测方法已经无法满足日益增长的安全需求.采用大数据的挖掘算法提高入侵检测的检测率是当前研究的热点.为此,本文提出一种基于k-means和决策树算法的混合入侵检测算法(KDI).该算法首先对数据预处理的离散化方法进行改进,获取高质量样本数据,并根据现实中易出现类别信息增益比差异小的特点,利用k-means算法根据增益比差异将样本数据先分类再建立决策树,提升了算法的检测率.实验结果表明KDI算法能够有效地检测网络数据中隐合的已知和未知的入侵行为.%With the growth of the network complexity,the traditional intrusion detection methods have been unable to meet the high-level security requirements.How to use data mining algorithm to improve accuracy rate of intrusion detection is a hot spot in current research.For this purpose,a hybrid intrusion detection algorithm based on k-means and decision tree algorithm (KDI) is proposed.Firstly,an improvement on data discretization method is advanced,in order to obtain high quality sample data,and then the k-mean algorithm is utilized to classify the sample data based on the feature of slight difference between information divergence ratio in many real situations,subsequently,the decision trees is constructed,therefore,the detection rate is enhanced.The experimental results show that the KDI algorithm can effectively detect both known and unknown intrusion behaviors sealed in network data.
展开▼
