
Intrusion Prevention System Based On Semi-supervised Clustering

Posted on: 2009-12-05
Degree: Master
Type: Thesis
Country: China
Candidate: L Song
Full Text: PDF
GTID: 2178360245490788
Subject: Computer software and theory
Abstract/Summary:
Traditional network security technologies are firewalls and intrusion detection systems, but these methods have some disadvantages. As an important method to ensure computer network security, intrusion prevention has become a hot research topic in the information security field.

The K-means clustering algorithm has two disadvantages: it depends on its initial values and converges easily to a local optimum. We therefore propose a PSO-based K-means algorithm, in which particle swarm optimization (PSO) guides the initialization of K-means so that it converges more readily toward the global optimum. The algorithm is applied to an intrusion detection system, and the experimental results show that it clusters effectively, converges quickly, and is easy to implement.

An intrusion detection algorithm based on semi-supervised clustering with PSO K-means is presented. It addresses problems such as the low detection rate of unsupervised learning algorithms and the shortage of training samples for supervised learning algorithms. The algorithm uses a small amount of labeled data to generate a correct sample model that guides the clustering of a large amount of unlabeled data, and then clusters the data that remains unlabeled after the previous clustering step. This improves classification accuracy and enables detection of new intrusions. The experimental results show that the detection results of the algorithm are much better than those of algorithms based on unsupervised learning and supervised learning.

By studying the Netfilter intrusion prevention system based on Snort inline and iptables, we present an intrusion prevention system model based on semi-supervised clustering. It comprises an intrusion detection module, a data packet acquisition module, a message registration module, and a central control module. We design the detection algorithm of the intrusion detection module, using semi-supervised clustering with PSO K-means. The function and configuration of the other modules are presented.

The experimental results show that the intrusion prevention system can perform intrusion detection, message registration, file filtering, and network supervision. It runs in the background, occupies little memory, and has high application value.
Keywords/Search Tags: intrusion prevention, intrusion detection, semi-supervised learning, K-means, particle swarm optimization