Network Intrusion Detection Based On Clustering

With the development of computer communication technologies, the networks have become the main part of the basic establishments in global information, while network security has become more and more important. Intrusion detection is a data analysis process about the network-based data or the host-computer-based data in fact. Intrusion detection system, which can solve problems that the traditional protection mechanism system cannot solve, is the main component of the computer security architecture, and has become an important part of the computer security research. But the complication of computer system and huge quantity of network data which give people the great trouble for intrusion detection. Data mining technique offers an efficient way to resolve this kind of problems. As a data analysis technology of intrusion detection, data mining has the capability of abstraction of valuable information from great mounts of network data. The combination of data mining and intrusion detection enables intrusion detection system to have the ability of self-study, to better deal with a vast amount of data, to enhance the detecting ability, and to lighten security managers' work. Clustering is a typical unsupervised learning technique that can build intrusion detection model and detect anomaly records in unlabeled dataset. Therefore clustering has practical meaning in anomaly detection field and is of great value in promoting intrusion detection systems.This thesis is about the research and application of intrusion detection based on clustering. The existing clustering in data mining technology and intrusion detection system technology are analyzed reviewed with the discussing clustering algorithms. We discuss the traditional k-means algorithm and point out its shortcomings. An advanced k-means clustering algorithm based on genetic algorithm is proposed which overcomes the shortcomings of k-means algorithm. Test with the data KDD CUP 1999 is conducted and the experiments show that, the advanced clustering algorithm can improve the efficiency of data clustering compared with traditional k-means.