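This paper mainly studies the use of the Pearson correlation coefficient to calculate the symbolic attribute distance between a record and a cluster, and between one cluster and another. A new metric, Approximate Average Distance (AAD), is proposed as a cluster anomaly measure. AAD combines a cluster's local anomaly, the number of members, and its global anomaly, the distance to other clusters. An approach to unsupervised anomaly intrusion detection is also studied, in which records are checked against the classified clusters as detection models, so that intrusion behavior is found in time and the loss caused by the intrusion is reduced. Empirical experiments with the KDD 99 data set show that AAD can detect intrusions with a relatively high detection rate and a low false alarm rate compared with other research.

This paper mainly studies a method of using the Pearson correlation coefficient to calculate the symbolic attribute distance between a record and a cluster and between clusters. Within this method, a new cluster anomaly measure, the Approximate Average Distance (AAD), is proposed. AAD combines a cluster's local anomaly degree, that is, the density of points inside the cluster, with the cluster's global anomaly degree within the overall cluster structure, that is, its distance to the other clusters. A method is proposed that classifies the clusters produced by clustering according to AAD and uses the classified cluster structure as the detection model for unsupervised anomaly detection. Anomaly detection can classify each record promptly, so intrusion behavior is discovered in time and the loss caused by intrusions is reduced. Finally, experiments on the KDD 99 evaluation data set show that using AAD as the cluster classification measure achieves a higher detection rate and a lower false alarm rate than other related research.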