Computer networks allow resources to be shared quickly, but the networks themselves frequently suffer from all kinds of illegal access and attack, so computer network security is a widespread concern. An intrusion detection system is an active security protection technology. As one of the important research areas in network security, it has developed rapidly in recent years.

In this thesis, we studied anomaly intrusion detection technology based on clustering analysis. The specific contents of this dissertation are as follows:

Firstly, we gave a comprehensive and systematic account of current intrusion detection techniques and clustering algorithms; analyzed the advantages and disadvantages of existing clustering algorithms applied to intrusion detection; and studied the problems that arise when the ant colony clustering algorithm is used to partition network intrusion data.

Secondly, experiments were carried out on the KDD Cup 1999 data set. We analyzed the results generated by the ant colony clustering algorithm and found that many clusters were not compact enough. Therefore, this thesis proposed an improved algorithm that re-clusters the data that lie far away from the cluster center. Furthermore, to solve the problem that the clustering results contain many sub-clusters, we added a short-term memory to each ant and a cluster agglomeration algorithm to the improved algorithm. The re-clustering results obtained with the improved algorithm showed that cluster compactness improved significantly. Meanwhile, because of the reduction in sub-clusters, the algorithm achieved a high intrusion detection rate and detection speed.

Finally, we used the improved algorithm in a local area network to perform real intrusion detection. Probe and DoS attacks were detected in the local area network, with WinPcap used to capture network packets. The simulation results showed that the improved algorithm has better performance and adaptability to unknown network intrusions.