Research Of Clustering Algorithm In Intrusion Detection System

Posted on: 2009-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: Y Liu
GTID: 2178360272970491
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet, people depend heavily on the network in their work and daily lives, and a variety of economic activities have gradually moved online. The need for computer network security has therefore grown rapidly. At the same time, many network intrusions and malicious attacks occur and seriously threaten network security. Existing passive protection systems, such as firewalls and identity authentication systems, can do nothing against professional hackers or malicious acts by authorized users. A new technique that can protect the system proactively is therefore urgently needed. The intrusion detection system arose from this background, and research on clustering-based intrusion detection has become a hot topic.

This paper presents two modified clustering algorithms for intrusion detection systems, building on current research both at home and abroad.

First, it improves the k-means clustering algorithm, the one most commonly used in clustering analysis. A modified filtering algorithm is presented that speeds up the generation of new cluster centers by constructing a kd-tree. For each node of the kd-tree, the algorithm maintains a set of candidate cluster centers. Each cluster is set to be static or active, and for each node in an iteration, information about changes to the centers is used to decide the candidate set. Because this information is carried to the next step through the static and active sets, the modified algorithm reduces complexity and is more usable on high-dimensional data. The modified algorithm is therefore suitable for intrusion detection systems.

Second, a new characteristics-based WaveCluster algorithm is presented, which integrates the original WaveCluster algorithm with an entropy-based characteristics (feature) screening algorithm applied to the source data. It assesses the importance of the original characteristics set by constructing an entropy measure based on the similarity of the objects, in order to find the important characteristics subsets. In this way the dimensionality is reduced. WaveCluster is then applied to the low-dimensional subspace and can find intrusion data efficiently.

The comparison experiments show that both modified algorithms presented in the paper raise the detection rate of the intrusion detection system. They also show that the WaveCluster algorithm is more effective than the k-means algorithm in the intrusion detection system. This points to a new research direction for clustering-based intrusion detection systems.
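
The entropy-based characteristics screening step described above can be sketched as follows. This is an added illustration, not code from the thesis: the abstract does not give the entropy formula, so the sketch assumes a common similarity-based form (similarity S = exp(-alpha * distance), entropy summed over all object pairs), and the feature names and connection records are constructed.

```python
import math
from itertools import combinations

# Constructed sample: 4 normal and 4 attack-like connection records.
FEATURES = ["src_bytes", "ttl_jitter", "conn_count"]  # hypothetical names
RECORDS = [
    (100, 0, 2), (150, 57, 3), (200, 29, 2), (150, 86, 4),
    (1000, 14, 40), (1050, 71, 41), (1100, 43, 42), (1050, 100, 40),
]

def normalize(rows):
    """Min-max scale each column to [0, 1] so no feature dominates distance."""
    cols = list(zip(*rows))
    scaled = [[(v - min(c)) / ((max(c) - min(c)) or 1) for v in c] for c in cols]
    return [list(r) for r in zip(*scaled)]

def entropy(rows, keep):
    """Similarity entropy of the data restricted to the feature indexes in keep.

    Assumed formulation: low when objects form tight, well-separated groups,
    high when they are spread evenly (no cluster structure).
    """
    dists = [math.dist([a[k] for k in keep], [b[k] for k in keep])
             for a, b in combinations(rows, 2)]
    mean = sum(dists) / len(dists)
    if mean == 0:                      # all objects identical: no uncertainty
        return 0.0
    alpha = math.log(2) / mean         # similarity is 0.5 at the mean distance
    total = 0.0
    for d in dists:
        s = math.exp(-alpha * d)
        if 0.0 < s < 1.0:              # duplicate objects (s == 1) contribute 0
            total -= s * math.log(s) + (1 - s) * math.log(1 - s)
    return total

def rank_features(rows, names):
    """Score each feature by the entropy left after removing it.

    Removing an important feature destroys cluster structure and raises
    entropy, so a higher score means a more important feature.
    """
    data = normalize(rows)
    idx = range(len(names))
    scores = {names[i]: entropy(data, [k for k in idx if k != i]) for i in idx}
    return sorted(scores, key=scores.get, reverse=True), scores

if __name__ == "__main__":
    order, scores = rank_features(RECORDS, FEATURES)
    for name in order:
        print(f"{name:12s} entropy without it = {scores[name]:.2f}")
```

Features at the bottom of the ranking are the candidates to drop before clustering runs on the reduced subspace.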
Keywords/Search Tags: Clustering Methods, Intrusion Detection, K-means, WaveCluster