Research On Intrusion Detection Based On Clustering Algorithm

With the rapid development of Internet and the growing usage of network, the number of intrusions is on the increase, more and more people are paying attention to network security issues. As the network attacks becoming complex and intelligent, it is difficult to guarantee network security relying on defense technology likes firewalls and data encryption. Intrusion detection technology is become an important reasearch field of network security research. Intrusion detection system is a proactive security technologies, implement in the security system as a complementary to static security tools.As the network environment is becoming more complicated, the limitations of traditional intrusion detection systems come out, which is not adaptive, disable to detect new or unknown types of intrusions. The thesis takes a data-centric point of view and consider the intrusion detection as a data minging process. This thesis applys cluster analysis algorithms to intrusion detection system that will improve the performance of intrusion detection system.First of all, this thesis introduces the development and research background of intrusion detection, analysis intrusion detection and clustering algorithm, discuss the meaning of apply clustering algorithm in intrusion detection.Secondly, the thesis discusses of traditional clustering algorithm for intrusion and point out the drawbacks of K-Means algorithm, using Kernel fucntion process the source data to get better clusters, propose a new cluster center selection algorithm to set cluster centers at optimal positions, so the clustering results will be more reasonable and improve the performance of intrusion detection, the thesis proposes a new labeling cluster algorithm, and using density-based outliers detection algorithms optimize clustering result, which can improve the detection result.Finally, this thesis introduces a model for clustering-based intrusion detection model, test the performance of clustering algorithm in intrusion detection, experimental results show that the improved algorithm can increase detection rate and decrease false positive rate.