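Cite this article: JIANG Feng, WANG Kai-li, YU Xu, et al. A rough entropy-based approach to outlier detection and its application in unsupervised intrusion detection[J]. Control and Decision, 2020, 35(5): 1199-1204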
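A rough entropy-based approach to outlier detection and its application in unsupervised intrusion detection
JIANG Feng1, WANG Kai-li1, YU Xu1, SUI Yue-fei2, DU Jun-wei1
(1. College of Information Science and Technology, Qingdao University of Science and Technology, Qingdao 266061, Shandong; 2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080)
Abstract:
Shannon's information entropy is widely used in rough sets. Using the rough entropy of rough sets to detect outliers, we propose a rough entropy-based outlier detection method and apply it to unsupervised intrusion detection. First, a new definition of outliers is proposed based on rough entropy, and a corresponding outlier detection algorithm, rough entropy-based outlier detection (REOD), is designed. Second, by treating intrusion behavior as outliers, REOD is applied to intrusion detection, which yields a new unsupervised intrusion detection method. Experiments on multiple data sets show that REOD has good outlier detection performance. In addition, compared with existing intrusion detection methods, REOD has a higher intrusion detection rate and a lower false alarm rate; in particular, its computational overhead is small, which makes it suitable for detecting intrusions in massive, high-dimensional data.
Key words:  outlier detection  rough sets  roughness  rough entropy  unsupervised intrusion detection
DOI: 10.13195/j.kzyjc.2018.1345
Classification number: TP391
Funding: National Natural Science Foundation of China (61402246, 61973180); Natural Science Foundation of Shandong Province (ZR2018MF007); Key Research and Development Program of Shandong Province (2018GGX101052).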
A rough entropy-based approach to outlier detection and its application in unsupervised intrusion detection
JIANG Feng1, WANG Kai-li1, YU Xu1, SUI Yue-fei2, DU Jun-wei1
(1. College of Information Science and Technology, Qingdao University of Science and Technology, Qingdao 266061, China; 2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080, China)
Abstract:
The information entropy, proposed by Shannon, has been widely used in rough sets. In this paper, we use the rough entropy in rough sets to detect outliers, and propose a rough entropy-based outlier detection approach, which is applied to unsupervised intrusion detection. Firstly, we propose a new definition for outliers based on rough entropy, and design an algorithm called rough entropy-based outlier detection (REOD) to find such outliers. Then, we regard intrusion activities as outliers and apply the REOD to intrusion detection, from which a novel approach for unsupervised intrusion detection is obtained. Experiments on several data sets demonstrate that the REOD performs well for outlier detection. In addition, compared with existing intrusion detection methods, the REOD can detect attacks with high detection rate and low false positive rate. Especially, the computational cost of the REOD is low, and it is suitable for intrusion detection on massive and high dimensional data.
Key words:  outlier detection  rough sets  roughness  rough entropy  unsupervised intrusion detection
