
Anomaly Detection Algorithm Based On Immune Clustering

Posted on: 2011-09-18
Degree: Master
Type: Thesis
Country: China
Candidate: L Jiang
Full Text: PDF
GTID: 2208360308966514
Subject: Computational Mathematics

Abstract/Summary:
Data clustering based on the artificial immune network simulates the biological immune system, drawing on the theories of immune recognition, immune memory and immune regulation. It is used to classify large-scale data through self-learning. By defining the normal and abnormal data of a network, it provides a new approach to intrusion detection, and data clustering based on the immune network is becoming a new research direction in network security.

At present, data clustering algorithms based on immune clustering have many problems, such as high complexity, sensitivity to input parameters, a low rate of convergence, and inefficiency in processing large-scale data streams. Intrusion detection systems built on these algorithms also have many problems, such as a low level of intelligence, a low detection rate and a high false alarm rate.

In this paper I describe the mechanism of the immune system and data clustering techniques in depth, and propose a new clustering algorithm and detection methods. The main work and research of this paper can be summarized as follows:

1. I study the mechanism of artificial immunity and the techniques of data clustering, analyze several commonly used data clustering techniques, and sum up the advantages and disadvantages of these clustering technologies.

2. I propose a new clustering algorithm (the SA-aiNet algorithm). In the algorithm, I use the weight vector and the concept of relevance to measure the degree of affinity between data; this addresses the problems of network data having many types of attribute descriptions and of the effect of dimension on the clustering results. To reflect the dynamics of the network's clustering antibodies, I use a simulated annealing mutation, which accepts a new solution for data optimization through a probability criterion. The simulation shows that it gives better clustering results than the aiNet clustering algorithm on small-scale data.

3. I propose a new clustering algorithm (the AR-aiNet algorithm) based on association rules to solve the inefficiency of the SA-aiNet algorithm on large-scale data. The first phase of the algorithm applies the idea of divide and conquer to the clustering of the entire data set and obtains a number of sub-clusters. The second phase, based on association rules, combines the sub-cluster networks to obtain a final set of antibodies. The algorithm is tested on the KDD data set, and the DB criterion is used to evaluate the clustering results. The results show that the running time of the algorithm is less than that of the SA-aiNet and aiNet algorithms.

4. I build an anomaly detection model. The outlier factor is used to mark normal and abnormal individuals, and the algorithm is applied to anomaly detection. The experimental results show its effectiveness.
Keywords/Search Tags: Immune clustering, artificial immune network (aiNet), anomaly detection, association rules