An Anomaly Detection Scheme Based on DBI-PD Clustering Algorithm
This paper analyzes the relationship between the dimensionality of network data and detection accuracy. It also introduces the clustering analysis methods commonly used in intrusion detection and compares their advantages and disadvantages. On that basis, the paper proposes a partition- and density-based clustering algorithm that uses the Davies-Bouldin Index (DBI-PD). The DBI-PD method first selects the features of the network data most relevant to detection using the information gain ratio (IGR), then determines the optimal number of clusters based on DBI, and finally combines partition and density clustering methods to perform detection. The DBI-PD based anomaly detection scheme proposed in this paper effectively avoids the "dimension disaster" problem in clustering analysis, as well as the interference caused by useless data features. Furthermore, the scheme improves clustering quality and thereby the accuracy of detection.
Keywords: information gain ratio (IGR); Davies-Bouldin Index (DBI); clustering analysis; anomaly detection
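
The step in which the number of clusters is chosen by DBI can be illustrated as follows. This is an added example, not code from the paper: it scores candidate cluster counts with the Davies-Bouldin Index, where a lower value means more compact, better separated clusters. Plain k-means with farthest-first seeding stands in for the partition step as an assumption, and the 2-D points are constructed sample data.

```python
import math

# Constructed sample: (scaled duration, scaled bytes) per connection, three tight groups.
POINTS = [(0, 0), (0, 1), (1, 0), (1, 1),
          (10, 0), (10, 1), (11, 0), (11, 1),
          (5, 9), (5, 10), (6, 9), (6, 10)]

def centroid(members):
    return tuple(sum(axis) / len(members) for axis in zip(*members))

def kmeans(points, k, rounds=50):
    """Plain k-means with deterministic farthest-first seeding (assumed stand-in)."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(rounds):
        clusters = [[] for _ in centers]
        for p in points:
            nearest = min(range(k), key=lambda i: math.dist(p, centers[i]))
            clusters[nearest].append(p)
        # An empty cluster keeps its previous center.
        updated = [centroid(m) if m else c for m, c in zip(clusters, centers)]
        if updated == centers:
            break
        centers = updated
    return centers, clusters

def davies_bouldin(centers, clusters):
    """Mean over clusters of the worst (scatter_i + scatter_j) / dist(center_i, center_j)."""
    scatter = [sum(math.dist(p, c) for p in m) / len(m) if m else 0.0
               for c, m in zip(centers, clusters)]
    n = len(centers)
    worst = [max((scatter[i] + scatter[j]) / math.dist(centers[i], centers[j])
                 for j in range(n) if j != i) for i in range(n)]
    return sum(worst) / n

def choose_k(points, candidates=range(2, 6)):
    """Return (best_k, {k: DBI}); the candidate with the lowest DBI wins."""
    scores = {k: davies_bouldin(*kmeans(points, k)) for k in candidates}
    return min(scores, key=scores.get), scores

if __name__ == "__main__":
    best, scores = choose_k(POINTS)
    for k, s in scores.items():
        print(f"k={k}  DBI={s:.3f}")
    print("selected k =", best)
```

Too few clusters merge distinct traffic groups and inflate scatter, while too many split a tight group into neighbors with a poor scatter-to-separation ratio; both raise the index.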