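Neural-network-based intrusion detection is an important direction in the development of intrusion detection technology. Building on the existing unsupervised growing hierarchical self-organizing maps (GHSOM) neural network algorithm, a semi-supervised GHSOM algorithm is proposed. The algorithm uses a small amount of labeled data to guide the clustering of large-scale unlabeled data. On the one hand, it borrows the semi-supervised mechanism of cop-kmeans, solves the problem of the original algorithm returning an empty partition, and applies it to the GHSOM algorithm. On the other hand, it proposes the concept of neuron information entropy as the condition for deciding subnet growth, which improves the precision of subnet division in the GHSOM network. In addition, labeled data are used to automatically determine the intrusion type of the clustering results. Intrusion detection experiments on the KDD Cup 1999 data set and on a data set generated by simulation in a LAN environment show that, compared with the unsupervised GHSOM algorithm, the semi-supervised GHSOM algorithm achieves a higher detection rate for all types of attack.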
Network intrusion detection based on artificial neural networks is an important research direction in the intrusion detection area. This paper proposes a semi-supervised GHSOM (growing hierarchical self-organizing maps) neural network algorithm, in which the clustering of a large amount of unlabeled data is guided by a small amount of labeled data. On the one hand, the idea of the semi-supervised cop-kmeans algorithm is introduced into the unsupervised GHSOM algorithm, and the problem of returning no result is solved in the semi-supervised GHSOM algorithm. On the other hand, the concept of neural entropy is proposed and used as the condition for deciding neural network growth, improving the precision with which the network is divided into subnets. In addition, the labeled data are used to determine the intrusion type of neurons automatically. Network intrusion detection experiments on the KDD Cup 1999 data set and on a data set collected in a LAN both show that the total detection rate of an intrusion detection system employing the semi-supervised GHSOM algorithm is higher than that of one employing the unsupervised GHSOM algorithm.
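The abstract names neural entropy as the growth criterion and says labeled data determine each neuron's intrusion type, but gives no formula. The sketch below is an added example, not the paper's code: it assumes the entropy is the Shannon entropy of the labels mapped to a neuron, and the threshold, function names, weights and samples are all hypothetical or constructed.

```python
import math
from collections import Counter, defaultdict

def bmu(weights, x):
    """Index of the neuron whose weight vector is closest to x (squared Euclidean)."""
    return min(range(len(weights)),
               key=lambda i: sum((w - v) ** 2 for w, v in zip(weights[i], x)))

def neuron_entropy(labels):
    """Assumed definition: Shannon entropy (bits) of the labels on one neuron."""
    n = len(labels)
    return sum(c / n * math.log2(n / c) for c in Counter(labels).values())

def analyse_map(weights, labeled, threshold=0.5):
    """Return {neuron: (majority_label, entropy, grow_child_map)}.

    threshold is a hypothetical cut-off: a neuron whose labeled samples are
    mixed beyond it is marked for expansion into a child map. Neurons that
    attract no labeled sample stay unlabeled (None) and are not expanded.
    """
    hits = defaultdict(list)
    for x, y in labeled:
        hits[bmu(weights, x)].append(y)
    report = {}
    for i in range(len(weights)):
        ys = hits.get(i, [])
        if not ys:
            report[i] = (None, 0.0, False)
            continue
        h = neuron_entropy(ys)
        report[i] = (Counter(ys).most_common(1)[0][0], h, h > threshold)
    return report

# Constructed data: 4 neuron weight vectors and 8 labeled two-feature samples.
WEIGHTS = [(0.1, 0.1), (0.9, 0.9), (0.5, 0.5), (0.1, 0.9)]
LABELED = [((0.12, 0.08), "normal"), ((0.09, 0.15), "normal"),
           ((0.88, 0.93), "dos"), ((0.95, 0.85), "dos"),
           ((0.48, 0.52), "probe"), ((0.55, 0.47), "normal"),
           ((0.52, 0.50), "probe"), ((0.45, 0.55), "probe")]

if __name__ == "__main__":
    for i, (label, h, grow) in analyse_map(WEIGHTS, LABELED).items():
        print(f"neuron {i}: label={label} entropy={h:.2f} grow={grow}")
```

Only the neuron that mixes probe and normal samples exceeds the threshold, so only that neuron would receive a child map. Pure neurons take their majority label directly.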