曹偉駿 (Woei-Jiunn Tsaur), 游錦昌 (Ching-Chang Yu)


With the rapid growth of the Internet, the number of hackers keeps increasing, so protecting information security and preventing intrusions has become an important issue. Many protective software tools and methods have been proposed to defend against network intrusions, and the most prominent of these is the intrusion detection system (IDS). However, after some twenty years of development, intrusion detection systems still cannot be applied effectively in today's network environments. The reason is that existing systems have too low a detection rate and too high a false positive rate, and the high false positive rate in particular is the main reason system managers refuse to use them. To raise the detection rate and lower the false positive rate, we propose a highly accurate hierarchical clustering algorithm for intrusion detection that is suitable for clustering network packets. By improving the clustering algorithm of the intrusion detection system, the cluster analysis can separate normal and abnormal clusters more accurately, which improves the system's ability to make decisions. The proposed algorithm is more efficient and accurate than existing clustering methods.


Intrusion Detection System; Clustering Algorithm; Detection Rate; False Positive

曹偉駿 (Woei-Jiunn Tsaur), 游錦昌 (Ching-Chang Yu), "適用於入侵偵測之高準確度階層式分群演算法 [A highly accurate hierarchical clustering algorithm for intrusion detection]," Journal of Internet Technology, vol. 7, no. 2, pp. 177-183, Apr. 2006.

