
Research Of Network Intrusion Detection Based On Clustering Algorithm

Posted on: 2009-06-09
Degree: Master
Type: Thesis
Country: China
Candidate: B P Gu
Full Text: PDF
GTID: 2178360242491864
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer and communication technologies, computer applications are growing in both breadth and depth, which makes computer security, touching on business interests, personal privacy and national secrets, increasingly prominent and complicated. Existing computer security products provide a certain degree of protection for computers and networks, but they are incomplete because of their own vulnerabilities. How to actively protect computers and networks against the variety of attacks in progress has therefore become an important problem to solve.

Although traditional security products, such as identification/authorization, access control audit, encryption and firewalls, are widely used, computer systems and networks are still exposed to attacks because the security system is imperfect. Here, an imperfect security system simply means a security system that has some vulnerabilities. Although intrusion detection technology cannot prevent invasion and attack, it has the ability to find the vulnerability and capture it when illegal invaders attack the system. It is therefore an essential means of guaranteeing the security of current computer systems.

An intrusion detection system is a real-time monitoring system that supervises intrusion activity; through the dynamic character of real-time monitoring, intrusion detection can determine whether an intrusion has occurred. Intrusion detection systems are thus an integral part of any complete network security system. Currently, the most widely deployed and commercially available methods for intrusion detection employ signature-based detection. These methods extract features from various audit streams and detect intrusions by comparing the feature values to a set of attack signatures provided by human experts. Such methods can only detect previously known intrusions, since only these intrusions have corresponding signatures.
Hence, many approaches, such as data mining and knowledge discovery, have been proposed to detect intrusions. However, the intrusion models that these methods adopt depend entirely on the instances in the training data sets, so clean data sets are crucial for building a practical IDS. In fact, collecting clean data sets is very difficult and costly, so it is essential to study unsupervised intrusion detection methods. Based on the research background stated above, this thesis studies network intrusion detection based on clustering. To improve effectiveness against unknown intrusions, several network detection algorithms based mainly on clustering analysis are proposed; they are evaluated by detection rate and false positive rate and are accompanied by computer simulations.

In this thesis we propose an improved k-means algorithm and a PSO-k-means algorithm, which combines k-means with PSO. We then analyze the advantages and disadvantages of traditional clustering algorithms as applied to intrusion detection, and introduce the Particle Swarm Optimization algorithm into the clustering algorithm. In experiments on the KDDCup99 data sets, the improved algorithm proposed in this thesis shows an obvious effect.
Keywords/Search Tags:network security, intrusion detection, clustering algorithm, Particle Swarm Optimization algorithm