Data Clustering Based On Immune Network Theory And Applied Research

With the rapid development of computer networks, known and unknown network attacks are increasing. How to distinguish between normal behavior and abnormal behavior effectively, and how to generate intrusion rules automatically, has become a research focus of Intrusion Detection.Immune Network-based Data Clustering Algorithms are inspired by the characteristics of biological immune system, such as immune memory, distributed parallel processing, self-organization, self-learning etc. It is capable of extracting meaningful konwledge and rules buried in the data sets. These rules are significantly important for the Intrusion Detection System to make judge. The idea that Employing the Data Clustering to the analysis of network data. is crucial for Intrusion Detection, also contributes to constructe the intelligent Intrusion Detection SystemHowever, there are some shortcomings existing in the current Immune Network Learning Algorithms. This paper introduces the basic principles of the Immune Network and Data Clustering. Besides, the paper makes innovative and exploratory research when applying Immune Network-based Data Clustering to Intrusion Detection.The main contents as follows:1. Propose a novel learning algorithm based on the idea of Immune Network Theory and Adaptive Radius. The novel learning algorithm is capable of solving following problems exist in current Immune Network Learning Algorithms: (1) It is capable of maximally preserving the density information after compression and solves the information distortion problem, besides, the results are more accurate to characterize the spatial distribution of the original data; (2) The novel algorithm adopts the only-one-cloned principle, which greatly reduces the complexity of the Network Suppression, time complexity of the learning algorithm is significantly reduced and the network convergences rapidly; (3) Not only the mechanism of Network Suppression, but also the Adaptive Radius is introduced to the learning algorithm to regulate the dynamics of the network, avoiding a single adjustment mechanism, so that the expansion of the network is more smooth, self-organizing process is more stable; (4) Only one parameter afftects the performance of the learning algorithm. The Robust of the learning algorithm is greatly enhanced.2. Propose an algorithm to estimate the smallest Adaptive Radius based on Statistics and Average Separation..3. To separate the data into clusters, the Minimum Spanning Tree is built on the resultant network of antibodies,then Zahn Partition Criterion is employed to the MST to generate clusters of the Immune Network Cells. The whole Clustering Algorithm based on Immune Network Theory takes place in two steps, first step is the novel learning algorithm and the second step is the MST partition algorithm.4. To validate the performance of the novel clustering algorithm, simulations over the two-dimensional datasets are performed..The obtained results suggest that the novel Immune Network-based clustering algorithm maximally preserving the density information during the learning phase and obtain a better performance than the aiNet algorithm.5. In order to employ the novel Immune Network-based Data Clustering algorithm to Intrusion Detection, the paper also proposes a labelling algorithm to label clusters.These tagged clusters constitute a collection of detector. 6. Propose an Intrusion Detection Algorithm, the tagged clusters are employed to the Intrusion Detection Algorithm to detect the network data.In this paper, computer simulation over the KDD CUP 99 data set is performed to validate the efficiency of the proposed Intrusion Detection Method. First the unlabeled training data set for Intrusion Detection are pretreated by the novel Immune Network-based Algorithm, The outputs of the Clustering Algorithm are considered as cells of immune network. Then the Minimal Spanning Tree (MST) of the immune network cells is separated by Zahn's partition criterion to generate clusters. The clusters are labelled as normal or abnormal to detect known and unknown attacks. The computer simulations over the KDD CUP 99 dataset show that this method achieves higer detection rate and lower false positive rate , also is more effective than other artificial immune network clustering- based intrusion detection method such as aiNet.