| Intrusion detection system is a new generation of security technology after data encryption, access control, firewall and other traditional security technologies. As a kind of active and dynamic safe technology, intrusion detection system has recently been researching hot. By collecting and analyzing all kinds of information from key points of network or system, it can find out whether the network or system has been attacked or the security policy has been broken out. In this way, the intrusion detection system can take measures against these attacks or behaviors to protect the security of computer. In the last 30 years of development, although traditional IDS has high detection rate and low false positive rate, it could hardly detect the unknown attack data.In recent years there is a huge amounts of data included large amount of available data, we need useful knowledge that be changed by such data. So data mining is widely used in all fields. Cluster analysis is a basic assignment of data mining. The goal of clustering is to separate data set into such clusters that objects within a cluster have very dissimilar in comparison to one another. but are high similarity to objects in other clusters. People can treat intensive and sparse areas separately through clustering and find new knowledge in it.FCM algorithm is the more widespread method in cluster analysis. However its bad shortcoming is the sensibility to initial value, and it is easy to run into a local optimum. Genetic algorithm is a method of searching for best solution by imitating natural evolution. So a clustering method (which is called FGA algorithm) based on FCM algorithm and genetic algorithm is proposed. It has good global and local search capabilities, the FGA algorithm can effectively improved the detection rate and the false positive rate because solved the clustering problem. In order to make the clustering speed faster, this paper puts forward an improved FGA algorithm. The algorithm is based on FGA algorithm, it makes some improvements on all the operates on the premise of allowing solutions with empty clusters and adds incremental operate, during which incrementally calculate the cluster centers and the objective function. It can make the algorithm clustering speed faster. Finally, the proposed models and algorithms are simulated by KDD'99 datasets, it is proved that FGA algorithm is better than FCM algorithm, the improved FGA algorithm does clustering faster than the former algorithm and the advantage is more evident when a small mutation probability is input. The experimental results show that the application of FGA Algorithm has boundless bright prospects in the field of intrusion detection. |
PDF Full Text Request