Research On Intrusion Detection Technology Based On Clustering Analysis

Posted on: 2011-07-17
Degree: Master
Type: Thesis
Country: China
Candidate: T Liang
GTID: 2178360308958276
Subject: Communication and Information System

Abstract/Summary:
With the continuous development of computer network technology and the expanding scope of network applications, network attacks and sabotage of many types are increasing day by day, and network security problems are increasingly prominent. Finding the various kinds of network intrusion activity quickly and effectively is very important for ensuring the security of systems and network resources. Traditional static defenses such as firewalls and data encryption can no longer fully meet the requirements of network security. As a proactive security protection technology, the intrusion detection system has become an important part of network security and information security architectures, and intrusion detection methods and technologies have become a research focus in the security field.

Against this background, this thesis studies network intrusion detection based on k-means cluster analysis. To improve intrusion detection quality, an improved k-means algorithm is proposed with regard to the detection rate and the false alarm rate. A cluster-analysis-based intrusion detection system (IDS) model is also introduced, and on this basis the algorithm is simulated and verified by computer. The main research contents of this thesis are as follows.

First, the basic concepts and principles of intrusion, intrusion detection and intrusion detection systems are introduced. Second, the definitions and algorithm classification of cluster analysis techniques are described. The k-means algorithm is then studied as the focus. The clustering result of the classical k-means algorithm depends heavily on the initial cluster centers, and selecting them randomly tends to lead to a local optimum; a selection method for the initial cluster centers is proposed to address these shortcomings and improve the clustering result. The k-means algorithm also treats all attributes of the analyzed samples as contributing equally to the clustering result; to address this, a variation coefficient method is proposed that assigns each attribute a weight according to its role in the clustering process, so as to reflect the influence of the different attributes on the clustering result and improve intrusion detection effectiveness. Finally, the IDS model is introduced, and on it the improved k-means algorithm and the classic k-means algorithm are compared in simulation experiments using the KDD Cup 1999 intrusion detection data sets. The experiments show that the IDS model based on the improved k-means algorithm clearly outperforms the one based on the classic k-means algorithm, obtaining a lower false detection rate and a higher detection rate and thereby effectively improving intrusion detection quality.
Keywords/Search Tags: Intrusion Detection, Clustering Analysis, K-means Algorithm, Intrusion Detection System
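
The variation-coefficient weighting summarised in the abstract, as an added example that is not code from the thesis. The abstract does not give the formulas, so the weight definition (CV_j divided by the sum of all CVs), the min-max scaling and the farthest-first initialisation (a stand-in for the thesis's own initial-center selection) are assumptions, and the records are constructed.

```python
from statistics import mean, pstdev

# Constructed records (duration_s, failed_logins): rows 0-3 mimic normal
# connections, rows 4-7 mimic password guessing. Not KDD Cup 1999 data.
RECORDS = [(100, 0), (130, 1), (105, 0), (125, 1),
           (100, 6), (130, 5), (105, 5), (120, 6)]

def cv_weights(rows):
    """Assumed formula: weight_j = CV_j / sum(CV), where CV_j = std_j / mean_j."""
    cvs = [pstdev(col) / mean(col) for col in zip(*rows)]
    return [cv / sum(cvs) for cv in cvs]

def min_max(rows):
    """Scale every attribute to [0, 1] so units do not decide the distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - a) / ((b - a) or 1) for v, a, b in zip(r, lo, hi)] for r in rows]

def dist2(p, q, w):
    """Squared Euclidean distance with one weight per attribute."""
    return sum(wj * (x - y) ** 2 for wj, x, y in zip(w, p, q))

def kmeans(rows, k, w, max_iter=100):
    pts = min_max(rows)
    # Stand-in initialisation (farthest-first), not the thesis's selection method.
    centers = [pts[0]]
    while len(centers) < k:
        centers.append(max(pts, key=lambda p: min(dist2(p, c, w) for c in centers)))
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda i: dist2(p, centers[i], w)) for p in pts]
        if new == labels:
            break  # assignments stable: converged
        labels = new
        for i in range(k):
            members = [p for p, lab in zip(pts, labels) if lab == i]
            if members:  # keep the old center if a cluster empties
                centers[i] = [mean(c) for c in zip(*members)]
    return labels

if __name__ == "__main__":
    w = cv_weights(RECORDS)
    print("CV weights (duration, failed_logins):", [round(x, 3) for x in w])
    print("equal weights:", kmeans(RECORDS, 2, [0.5, 0.5]))
    print("CV weights   :", kmeans(RECORDS, 2, w))
```

On this constructed input, equal weights split the records by duration and mix normal with attack rows, while the CV weights let `failed_logins` dominate the distance and separate the two groups.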