| Along with the popularity of computer and rapid development of the network technology. Network brings interests to people, but also suffers from various forms of attack. Intrusion detection works as a proactive security technology, effectively prevents various attacks. Data stream mining gets more and more recognition from people. Building model on data stream, doing mining real time, which is very important for intrusion detection.Clustering algorithm of data streams is a key development direction of the data stream mining. Using clustering algorithm of data streams builds the intrusion detection model, which can update intrusion detection rule library real time. So put the clustering algorithm of data streams to intrusion detection has the significant practical significance. However the current clustering algorithm of data streams exists many shortcomings, based on the D-Stream algorithm as the research background, analyzing the algorithm's shortcomings and the insufficiency. The goal is to make the intrusion detection system has high detection rate, low false alarm rate. Through improving the algorithm, makes its better meet the needs of intrusion detection.Firstly, this article analyses the development status of the current intrusion detection system and problems,related technologies of the data stream mining,the characteristics of the clustering algorithm of data streams and the requirement of the clustering algorithm of data streams for intrusion detection, which is providing theory basis for the after article.Secondly, through reseraching on the D-Stream algorithm, this paper presents a density-based clustering algorithm of data streams which is M-Stream. According to the Cosine similarity and the feature of the Minkowski distance and importing the concepts of the frequency and summary information, presents a similarity measurement method between the mixed attribute dataes. Aiming at the time and space complexity problems of the algorithm., which adopts trees and hash table for storing nodes and pointer. Aiming at the parameter setting problem, this paper proposes a density thresholding function, making the clustering of data streams execute in fixed memory within the constraints. Aiming at the off-line clustering problem, through extending neighbor cells concept to cluster, through memory sampling method to find the evolution of the cluster.Finally, according to the characteristics of the data stream, this paper designs a suitable intrusion detection model based on clustering algorithm of data streams, using the backend learning to update the rule library. Using the KDD CUP1999 datasets to test the system, the experimental results show that the method is better than previous algorithm and achieves the desired target. |
PDF Full Text Request