Intrusion Detection Method Research Based On Clustering Analysis

Posted on: 2009-11-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Qin
GTID: 2178360272457217
Subject: Detection Technology and Automation

Abstract/Summary:
With the development of network technology and the growing use of networks, the number of attacks is increasing. Network security problems are increasingly prominent, and finding intrusion activity quickly and efficiently has become important to the security of systems and network resources. An IDS (Intrusion Detection System) is an active defense technology and an essential component of the information security infrastructure. Because networks span many layers and intrusion patterns keep changing, a large number of research projects apply data mining technology to intrusion detection. However, given the growing complexity of attack types and damage in the network environment and the massive volume of data, a good detection method is needed that achieves a high detection rate and a low false alarm rate across the various attacks and that can effectively analyze massive, high-dimensional, mixed complex data.

This paper studies the application of clustering and related data mining techniques to intrusion detection. Conventional anomaly-based detection approaches use data known to be purely normal as a reference model for detecting anomalous data. However, purely normal data is not readily available in a real network environment: it is hard to ensure that no attack takes place during data collection, and labeling data manually is difficult and tiresome. The practicality of these approaches is therefore limited.
This paper attempts to use cluster analysis and related techniques on unlabeled network audit data in which normal and intrusion data are mixed, so that training separates the small amount of intrusion data from the large amount of normal data as accurately as possible, and to use the resulting model for intrusion detection. It combines cluster analysis with the idea of anomaly mining to handle massive network data streams with high-dimensional features. An improved K-Prototypes algorithm is adopted to overcome the inability of the K-Means clustering algorithm to handle mixed data and to improve clustering accuracy.

The data is first clustered with the K-Prototypes algorithm to obtain a clustering result. This partition is only a rough one, so outlier detection is used to optimize it. Clustering and outlier detection complement each other: because clustering may to some extent produce only a coarse partition, deciding how to handle outlier points during and after clustering is very important for optimizing the clustering result. This paper presents a new outlier detection algorithm based on a local deviation coefficient factor. The results show that optimizing the clustering result with this algorithm improves detection efficiency.

The models were tested on the KDD CUP99 data set. The experimental results show that the improved K-Prototypes algorithm handles massive, high-dimensional, mixed data better, and that applying outlier detection to the clustering outcome improves the detection model's performance and optimizes the clustering results.
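
The following sketch is an added illustration, not code from the thesis: it runs the standard K-Prototypes algorithm (not the thesis's improved variant, and without its outlier detection step) over constructed KDD CUP99-style records to show how numeric and categorical features are clustered together. The weight `gamma`, the deterministic seeding, and the rule of flagging small clusters with `max_fraction` are assumptions.

```python
from collections import Counter

# Constructed KDD CUP99-style records (not real data): numeric part is
# (duration, src_bytes) scaled to [0, 1]; categorical part is (protocol_type, service, flag).
RECORDS = [
    ((0.0, 0.20), ("tcp", "http", "SF")),
    ((0.1, 0.25), ("tcp", "http", "SF")),
    ((0.0, 0.22), ("tcp", "http", "SF")),
    ((0.1, 0.18), ("tcp", "smtp", "SF")),
    ((0.0, 0.21), ("tcp", "http", "SF")),
    ((0.0, 0.00), ("tcp", "private", "S0")),
    ((0.0, 0.01), ("tcp", "private", "S0")),
]

def distance(rec, proto, gamma):
    """Squared Euclidean distance on numeric fields plus gamma * categorical mismatches."""
    num = sum((a - b) ** 2 for a, b in zip(rec[0], proto[0]))
    cat = sum(a != b for a, b in zip(rec[1], proto[1]))
    return num + gamma * cat

def prototype(members):
    """Cluster prototype: mean of each numeric field, mode of each categorical field."""
    nums = tuple(sum(col) / len(members) for col in zip(*(m[0] for m in members)))
    cats = tuple(Counter(col).most_common(1)[0][0] for col in zip(*(m[1] for m in members)))
    return nums, cats

def k_prototypes(records, k, gamma=0.5, max_iter=20):
    # Deterministic farthest-point seeding (assumption; seeds are often random).
    protos = [records[0]]
    while len(protos) < k:
        protos.append(max(records, key=lambda r: min(distance(r, p, gamma) for p in protos)))
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: distance(r, protos[j], gamma)) for r in records]
        if new == labels:  # assignments stable: converged
            break
        labels = new
        for j in range(k):
            members = [r for r, lab in zip(records, labels) if lab == j]
            if members:  # keep the old prototype if a cluster empties out
                protos[j] = prototype(members)
    return labels, protos

def small_clusters(labels, max_fraction=0.3):
    """Assumed heuristic: clusters holding under max_fraction of records are suspect."""
    return sorted(j for j, n in Counter(labels).items() if n / len(labels) < max_fraction)

if __name__ == "__main__":
    labels, protos = k_prototypes(RECORDS, k=2)
    print(labels, small_clusters(labels), protos)
```

K-Means alone could not place the `service` and `flag` fields in a Euclidean space; here they contribute through the mismatch count, which is what separates the constructed `S0` connections from the normal traffic.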
Keywords/Search Tags: Intrusion detection, data mining, clustering