
Clustering Algorithm For Intrusion Detection Applications

Posted on: 2010-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: J P Yang
GTID: 2208360275482911
Subject: Computational Mathematics

Abstract/Summary:
With the development of computer and network technologies, the internet brings us opportunities and many network resources, and it makes computer security, which involves personal privacy, business benefits and national secrets, more and more complicated and prominent. How to detect and prevent illegal intrusions effectively and quickly has therefore become an important problem to be solved. There are many traditional security products, such as authorization, access control audit, encryption and firewalls, but these security systems are incomplete, and intrusion detection technology can make up for their shortcomings. Intrusion detection technology is able to find loopholes, and it captures them in real time when illegal intruders attack systems. Intrusion detection technology is thus a new security technology, is the main component of the computer security architecture, and has become an important part of computer security research.

Current intrusion detection systems have a low level of intelligence, poor real-time detection capability, low detection accuracy and a high false alarm rate. Applying data clustering to intrusion detection gives intrusion detection systems the ability of self-learning and self-organization and improves their ability to handle massive data, so that potentially valuable knowledge and rules can be extracted from the data and the detection capability improved. Data clustering is a typical unsupervised learning technique that can build an intrusion detection model and detect anomalous records in an unlabeled dataset. This paper proposes an incremental clustering algorithm based on aiNet, which combines elements of artificial immune theory such as clonal selection, affinity maturation and network suppression. This effectively increases the capacity for self-learning and intelligence. Incremental clustering and the idea of merging sub-clusters are applied in this algorithm, which effectively improves the efficiency of clustering. Data clustering therefore has practical meaning in the field of intrusion detection and is a very valuable research topic.

The subject of this paper comes from a basic research project of the applied science and technology department of Sichuan province, "Intrusion detection technology research based on safety of immunization services network" (2008JY0058). The main research work of this paper:

1. Analyse clustering methods in data mining with intrusion detection in mind, and put forward an incremental clustering algorithm based on an artificial immune network.

2. Based on an analysis of existing intrusion detection systems, the incremental clustering algorithm is applied to the intrusion detection system. The model process includes preprocessing of the job data, clustering, labeling clusters and real-time detection. First the attribute values of the data are standardized, then the appropriate clustering algorithm is used to classify the connection records, distinguishing normal connection records from abnormal connection records. Records that contain abnormal connections are marked as abnormal clusters, while records that contain normal connections are marked as normal clusters.

3. Real-time detection is executed. The detection algorithm is based on incremental clustering; it detects unknown intrusions effectively while the clustering results are improved continuously.

4. First, a two-dimensional dataset is used to show that the result of the incremental clustering algorithm is the same as the result of re-clustering. The incremental clustering algorithm based on aiNet is also effective in raising the efficiency of clustering. Then the KDDCup 99 dataset is used to carry out experiments with the incremental clustering algorithm based on aiNet and the incremental clustering algorithm based on K-means. The experiments show that the intrusion detection model based on the aiNet incremental clustering algorithm can effectively improve the detection rate and the false alarm rate. At the same time, it can effectively improve the detection speed.

Keywords/Search Tags:clustering algorithm, intrusion detection system, artificial immune network, incremental clustering