
A Method Of Clustering Intrusion Detection Research Based On DFC

Posted on: 2011-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhao
GTID: 2178360302997791
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of computer science and e-commerce, more and more individuals and organizations participate in the Internet, making the issue of network security more prominent. In a complex network environment, the traditional passive way of defending computer security has proved inadequate, and intrusion detection systems emerged. As network bandwidth has increased, a single traditional intrusion detection system can no longer meet the need for real-time network detection, so current network security studies focus on cluster intrusion detection systems. Their idea of streaming network packets in real time effectively addresses the problem of lost network packets.

Currently, there are many intrusion detection products on the market, mainly used by corporate websites and military departments to detect intrusions. However, the commonly used fuzzy C-means clustering intrusion detection algorithm does not consider the correlation of data flows, which in a cluster intrusion detection system affects the accuracy of intrusion detection, and the large differences in cluster size affect the load balance of the detectors. The issues that cluster intrusion detection systems need to focus on are how to further improve detection accuracy and load balancing. The key to this problem is finding a more reasonable method of streaming data packets; this thesis studies the issue in depth. The main work is as follows:

1. Presents a Data Flow Correlated Clustering Algorithm (DFC). In this algorithm, I specifically do the following tasks:
(1) Extracted a specific six-tuple from the data flow attribute sets; using the six-tuple as the data flow characteristics provides a more comprehensive description of the data flow properties.
(2) Introduced the concepts of data flow matching and data flow correlation: the six-tuple attributes of each data flow are matched against the cluster center, and the matches are used to determine the correlation of the data flow.
(3) Introduced the concept of logical distance between data flows and gave the logical distance formula, moving from a semantic description to a formalized formula for determining the distance between data flows, so that the distance between data flows can be determined more accurately.

2. Proposes a clustering intrusion detection method based on DFC, which streams data flows according to the logical distance between them: if a data flow's logical distance is greater than the threshold, the data flow becomes the center of a new cluster; otherwise the data flow is placed in the cluster nearest in logical distance. When this method is applied to the cluster intrusion detection system model, DFC sets a maximum number of data flows, which effectively limits the number of data flows to a certain range and balances the load of the detectors.

3. Verifies the validity of DFC through test assessment with DARPA KDD Cup 1999 and MIT Lincoln, which further shows that the method has a high detection rate and high efficiency among cluster detection methods.
Keywords/Search Tags:DFC, Correlation, Logical distance, Cluster intrusion detection
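
The streaming rule described in the abstract (a new cluster when the logical distance exceeds the threshold, otherwise the nearest cluster, with a cap on data flows per cluster), as an added Python example that is not the thesis's own code. The six field names, the distance formula (fraction of non-matching attributes), the sample flows, and the choice to skip a full cluster are all assumptions, since the abstract specifies none of them.

```python
from dataclasses import dataclass, field

# Assumed six-tuple; the abstract does not name the six attributes.
FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "protocol", "service")


def logical_distance(flow, center):
    """Assumed metric: share of the six attributes that do not match the center."""
    matches = sum(flow[f] == center[f] for f in FIELDS)
    return 1 - matches / len(FIELDS)


@dataclass
class Cluster:
    center: dict                       # first flow assigned becomes the center
    flows: list = field(default_factory=list)


def dfc_assign(flows, threshold=0.5, max_flows=3):
    """Assign each flow to the nearest cluster within the threshold that still
    has room; otherwise the flow becomes the center of a new cluster."""
    clusters = []
    for flow in flows:
        ranked = sorted(clusters, key=lambda c: logical_distance(flow, c.center))
        target = next((c for c in ranked
                       if logical_distance(flow, c.center) <= threshold
                       and len(c.flows) < max_flows), None)  # full cluster: skipped (assumption)
        if target is None:
            target = Cluster(center=flow)
            clusters.append(target)
        target.flows.append(flow)
    return clusters


def cluster_sizes(clusters):
    return [len(c.flows) for c in clusters]


def mk(*values):
    return dict(zip(FIELDS, values))


# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE = [mk("10.0.0.5", "192.0.2.10", 40000 + i, 80, "tcp", "http") for i in range(4)]
SAMPLE += [mk("10.0.0.9", "192.0.2.53", 5353 + i, 53, "udp", "dns") for i in range(2)]

if __name__ == "__main__":
    print(cluster_sizes(dfc_assign(SAMPLE)))
```

With the cap at three, the fourth HTTP flow opens a second cluster even though it correlates with the first, which is how the per-cluster limit keeps any one detector from absorbing a whole burst.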