Unsupervised Anomaly Detection Model Combining Total Attributes Clustering and Feature Attributes Clustering

To improve the detection rate, false alarm rate and detection efficiency of the unsupervised anomaly detection system, this paper divided the data set into different service sets, then clustered the total attributes and a subset of related attributes (i.e., feature attributes) in each service packet. The detection model for each service was established by comparing the training results and selecting the preferable training method. Detection experiments show that this model's detection rate reaches 99.21% and its false alarm rate falls to 2.2%. Compared with the model without service partitioning, the proposed model's training time and detection time are reduced to 21.17% and 21.98%, respectively. Comparison with other detection algorithms demonstrates that the proposed model performs better in both detection rate and false alarm rate.