Research On Fuzzy C-Means Clustering Algorithm In Intrusion Detection

Along with development of network technology and applications, network attacks and sabotage events are always popping up. Network security issues have become increasingly prominent, how to find intrusions quickly and effectively is very important to ensure the safety of network resources and the system. Traditional firewalls, message encryption and other static defense methods is very difficult to meet the network security demand, and intrusion detection as a proactive security technology, is an important part of in information security architecture, research on intrusion detection methods and techniques has caused more and more attentions. Intrusion detection method based on cluster analysis is a typical unsupervisedlearning technique, it can directly establish intrusion detection model on unmarked datasets to detect abnormal data, and experts do not need to manually create a rule base, for improving the efficiency of intrusion detection system has great practical significance. However, the existing fuzzy C-means clustering method has its shortcomings, its applications in intrusion detection is not satisfied. This paper based on the above research background, carried out network intrusion detection research based on Fuzzy C-Means clustering algorithm, the goal is to make the intrusion detection system has high detection rate, low false alarm rate. The main work of this paper is as follows:Firstly, on the analysis of the status of intrusion detection technology, existing problems and cluster analysis methods, design an intrusion detection system framework based on the fuzzy clustering, and the function of each module in the framework is introduced.Secondly, according to the problem that the number of cluster center C is difficult to determine in classical Fuzzy C-Means algorithm, puts forward a algorithm for seeking the number of cluster center; using the advantages of Mahalanobis distance, proposed a new objective function; for the shortcomings of the Fuzzy C-Means algorithm sensitive to initial value, easy to fall into local data points and can not get the optimal solution, combining with the characteristics of random global search optimization of article swarm algorithm, the particle swarm algorithm is introduced to a modified Fuzzy C-Means algorithm.Finally, take use of KDDCUP1999 datasets to test the system. The experimental results show that the system has a higher detection rate and low false alarm rate, improves the quality of the intrusion detection and achieves the desired target.