To address the lack of information about anomalous connections in anomaly detection approaches, an anomaly detection model based on hybrid clustering and the self-organizing map (SOM) is proposed. First, a clustering algorithm is proposed to detect anomalous connections; the SOM is then applied to classify the detected anomalous connections, which yields more information about them. Finally, an experimental data set is used for simulation. The results show that the model is effective: it classifies the detected anomalous connections and provides more information about each connection from the category it belongs to. Detection and classification are relatively efficient, and the false alarm rate is low.