| With the development of networks, network security issues become increasingly prominent. In order to rapidly and effectively to find various types of intrusion and ensure system and network resource security, intrusion detection system become a research focus. Intrusion detection is essentially a pattern recognition problem. SVM (Support Vector Machine, SVM) to provide theoretical and applied machine learning to control the complexity and improve the learning machine promotion of effective means to overcome the "curse of dimensionality" problem, the inner product kernel functions by low-dimensional Space transformation to a high dimensional feature space, in high-dimensional feature space linear discriminant function to construct the original non-linear discriminant function space. Therefore, the use of support vector machines intrusion detection, intrusion detection can not only solve the problem of poor generalization performance, but also can improve the detection rate and reduce false negative and false alarm rate and improve the system's utility。However, in practice there is support vector machine training samples for a long time to predict slow and so on, these factors restrict the support vector machine in intrusion detection in a wide range of applications. Therefore, to reduce the sample training time and improve the detection rate of the sample, this paper adopts a multi-stage cluster-based intrusion detection based on SVM, the algorithm first samples the data density of the original cluster to remove noise in the sample, Then the density of the sample data after clustering K-means clustering, the clustering of similar samples after the data has a high similarity, and different types of low similarity between samples, so that effectively reduce the large Training time scale of the data, and ensure that the premise of the classification accuracy of the SVM to improve the identification rate; after clustering of the sample through the use of nearest neighbor methods (Nearest Neighbor-NN) for classification of pruning to remove the interference of the interface points. To improve classification accuracy. Initial cluster centers using a K-means algorithm optimization effectively reduces the K-means algorithm dependent on the choice of initial values。To test the multi-stage cluster-based support vector machine algorithm, the simulation of various intrusion detection algorithms, and the results of analysis and comparison of sample data selected U.S. Department of Defense Advanced Research Projects Agency DARPA (Defense Advanced Research Projects Agency) assessment data Set, the results show that the SVM-based multi-stage clustering applied to network intrusion detection and achieved good results。... |
PDF Full Text Request