In formula (4), $\mathrm{Sim}(X, A_j)$ is the similarity between $X$ and $A_j$, the element $j$ in set $A$. The final result will be equal to the maximum one.
3.3 The Sample Set Optimization Based on Artificial Immune
The Artificial Immune System imitates the natural immune system and provides a novel
way to solve the problem of potential. Because the training data sets may contain some
faulty samples, we use the artificial immune and genetic algorithm method to optimize the
sample set of abnormal behavior $AI_0$. The optimization process is shown in Figure 1.
[Fig. 1. Sample set creating and optimizing processes. Diagram labels: Behavior samples, Data mining, $AI_0$, $AN_0$, Clone selection, $AI_0'$, $AI$, $AN$, Monitor, Alert.]
Figure 1 mainly shows the generation and optimization process of the abnormal behavior
set $AI$. First, a data mining method is used to generate the initial sample set $AI_0$,
and this result can be supplemented based on experience. Then genetic mutation
and proliferation are applied to $AI_0$ to generate a larger candidate sample set $AI_0'$.
Next, the affinity of every sample is calculated by means of its similarity to
$AI_0$, and the samples with high affinity are selected. Further negative selection
then deletes the samples whose similarity to $AN$ is equal to 1 or very close to 1.
Finally, we get an optimized sample set of abnormal behavior. The optimization is a
two-step process:
(1) Clone Selection
The purpose of clone selection is to expand the quantity of abnormal samples, or to
optimize the distribution characteristics of the sample space. These characteristics
include the distribution density, the proportional spacing of the samples, etc. In this
section, our cloning algorithm takes $AI_0$ as the original parameter and adopts
multi-crossing and random variation to expand the sample space and enhance the
homogenization of the spatial distribution. Expanding the abnormal behavior sample space
and optimizing the homogenization of the sample distribution help reduce the rate of false
negative alerts in the detection system.
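The pipeline of Figure 1 can be sketched as follows. This is an added example, not code from the paper: the attribute-matching similarity stands in for formula (4), which is not reproduced on this page, and the sample vectors, the thresholds `affinity_min` and `self_max`, and all function names are assumptions.

```python
import random

# Constructed behavior vectors (5 categorical attributes, values 0..3); not data from the paper.
AN = [(0, 0, 1, 1, 0), (1, 0, 1, 2, 0), (0, 1, 1, 1, 0)]           # normal samples
FAULTY = (1, 0, 1, 2, 0)                                           # mislabeled: identical to a normal sample
AI0 = [(3, 1, 2, 0, 3), (3, 1, 0, 0, 2), (2, 1, 2, 1, 3), FAULTY]  # initial abnormal set

def sim(x, a):
    """Assumed similarity: share of equal attributes (the page's formula (4) is not shown)."""
    return sum(p == q for p, q in zip(x, a)) / len(x)

def sim_to_set(x, samples):
    """Similarity to a set is the maximum over its elements, as the page states."""
    return max(sim(x, a) for a in samples)

def clone_and_mutate(ai0, rng, clones=4, p_mut=0.2, values=(0, 1, 2, 3)):
    """Proliferation: multi-point crossover of two parents, then random mutation."""
    out = set()
    for _ in range(clones * len(ai0)):
        p, q = rng.sample(ai0, 2)
        child = [rng.choice((g, h)) for g, h in zip(p, q)]
        child = [rng.choice(values) if rng.random() < p_mut else g for g in child]
        out.add(tuple(child))
    return out

def optimize(ai0, an, seed=0, affinity_min=0.6, self_max=0.99):
    """Return the optimized abnormal set AI from AI_0 and AN."""
    rng = random.Random(seed)
    candidates = clone_and_mutate(ai0, rng) | set(ai0)             # AI_0' plus the originals
    # Clone selection: keep candidates with high affinity (similarity to AI_0).
    selected = {c for c in candidates if sim_to_set(c, ai0) >= affinity_min}
    # Negative selection: delete samples whose similarity to AN is 1 or very close to 1.
    return sorted(s for s in selected if sim_to_set(s, an) < self_max)

if __name__ == "__main__":
    for sample in optimize(AI0, AN):
        print(sample, round(sim_to_set(sample, AN), 2))
```

The mislabeled sample is removed by negative selection because its similarity to $AN$ is exactly 1, while the remaining originals and their high-affinity clones survive.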