Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Unsupervised anomaly detection method and system based on improved CURE clustering algorithm

A clustering algorithm and anomaly detection technology, applied in transmission systems, calculations, computer components, etc., can solve problems such as models not being updated, unsatisfactory normal behavior models, and time-consuming problems, and achieve rapid and accurate judgments

Inactive Publication Date: 2009-10-21
HOHAI UNIV
View PDF3 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, some of the clustering algorithms used in these unsupervised anomaly detection methods cannot cluster clusters of arbitrary shapes, resulting in an unsatisfactory normal behavior model, which affects the detection effect
Although density-based clustering algorithms and neural network algorithms can cluster clusters of any shape, it takes a lot of time to process training sets containing large-scale data, so that the normal behavior model cannot be updated in time, resulting in Cannot detect intrusions well when network or host conditions change

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Unsupervised anomaly detection method and system based on improved CURE clustering algorithm
  • Unsupervised anomaly detection method and system based on improved CURE clustering algorithm
  • Unsupervised anomaly detection method and system based on improved CURE clustering algorithm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] Such as Figure 1-Figure 4 As shown, the unsupervised anomaly detection method based on the improved CURE clustering algorithm of the present invention comprises steps:

[0027] A: Use the improved CURE clustering algorithm to cluster the training set, classify abnormal behavior data and normal behavior data, and generate clusters;

[0028] B: Mark the clusters according to the percentage of normal data estimated in advance in the entire data set;

[0029] C: Modeling is based on clusters marked as normal behavior, and its modeling algorithm is a hyperrectangle-based modeling algorithm;

[0030] D: Compare the data to be detected with the normal behavior model to determine whether it is abnormal data.

[0031] The anomaly detection system according to the present invention includes a data formatting module, a clustering module, a labeling module, a model generation module and a detection module.

[0032] The data formatting module generates formatted data by preproce...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an unsupervised anomaly detection method and a system based on improved CURE clustering algorithm. The detection method comprises the following steps: clustering is carried on training sets and data of abnormal behavior and normal behavior are classified; the classified data are marked; modeling is carried out according to data marked as normal behavior, while modeling algorithm is based on hyperrectangle; data to be detectd are compared with model of normal behavior to judge weather the data to be detected are abnormal data or not. The detection system comprises a data formatting module, a clustering module, a standard class module, a model generating module and a detection module. The detection method is suitable to detect data with relatedness not being strong among dimensions.

Description

Technical field: [0001] The invention relates to an anomaly detection technology, in particular to an unsupervised anomaly detection method based on an improved CURE clustering algorithm and a system based on the method, belonging to the technical field of computer data security. Background technique: [0002] In recent years, with the continuous development of computer technology and the continuous expansion of network scale, intrusions have become more and more serious threats to the security of computer systems and networks. Intrusion is a deliberate attempt to access information without authorization, to alter information, and to render a system unreliable or unusable. As the methods of intrusion become more and more diversified and the means are more and more advanced, traditional static security technologies such as firewalls and data encryption technologies can no longer meet the security requirements of systems and networks. [0003] As an important dynamic security...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62H04L29/06
Inventor 李继国徐晨
Owner HOHAI UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com