| Intrusion detection is an important part of network security. Most intrusion detection algorithms available are supervised, which take labeled data as training samples. While the research of unsupervised intrusion detection which take unlabelled data as training samples is attractive and challenging. On the one hand, the algorithms train on unlabelled data. which may reduce the resources for computation and storage, and find new kinds of attacks. On the other hand, the algorithms have to be able to handle large, heterogeneous and high-dimension data set.Based on unsupervised methods of natural computation, machine learning and data mining, some unsupervised intrusion detection algorithms are proposed:An algorithm is proposed which combines aiNet, an evolutionary artificial immune network proposed by De Castro and a traditional hierarchical agglomerative cluster algorithm. The algorithm performs well over the KDD CUP 1999 dataset.To make the application of One-Class Support Vector Machine (OCSVM) on unsupervised anomaly detection more practical, pre-selection of training data was proposed. Two algorithms are used in the paper. One of them is a simple method choosing data points by distance-based comparison. The other one is an improvement on aiNet. The experiments show that these methods can speed up the training and classifying process of OCSVM with rational loss of the performance.An algorithm based on outlier mining is proposed. It is a dense-based method and the low-dense data cubes are searched by clonal selection algorithm. The experiments show the method is feasible.
|
PDF Full Text Request