Research Of The Ant Colony Clustering Algorithm And Applied To Intrusion Detection

With the rapid development of computer network, while the computer has brought us convenient, it also often suffers unauthorized access and malicious attacks. Network security issues become prominent increasingly, and thus get more and more people's concern and attention. Intrusion detection technology as one of the core technology in the security auditing is an important part of network security systems. The intrusion detection research has a great significance in both theoretical research and actual use. Ant Colony Clustering Algorithm (ACCA) is a new clustering algorithm, robustness, flexibility, self-organization and distribution, etc., these features make it capable of solving the unsupervised clustering problem. Existing ant colony clustering algorithm (ACCA) solution efficiency is not high, convergence defects and poor response to these shortcomings, this paper presents two kinds of new ways to improve on the Ant Colony Clustering Algorithm (ACCA), and will improve the ant clustering algorithm (ACCA) combined with the fuzzy C-means clustering (FCM) algorithm combined algorithm is applied with the Snort intrusion detection.Improved ant colony algorithm intrusion detection technology, learning and research and analysis on the basic principle of ant colony clustering algorithm to carry out the following aspects:(1) in the existing cemetery principle of ant colony clustering of the data to increase the strength of an ant pheromone to determine if the data does not belong to the outliers, and proposes two feedback-based ant colony clustering algorithm, base on pheromone-based feedback ant colony clustering algorithm (ant colony clustering algorithm (ATACCA) and base on time-based feedback ant colony clustering algorithm (APACCA).(2) It is to get better clustering results after the second clustering by combining the improved ant colony algorithm with fuzzy C-means clustering.(3) After researching kdd cup99data sets and simulating the handled data sets, it will validate weather the improved algorithm can improve clustering results. (4) While adding an abnormal detection module for the existing Snort intrusion detection, it is not to discard the unmatched data but make it re-enter the training set for training the new rules. Finally, build the snort intrusion detection system, apply the algorithm into the snort, and carry out the intrusion detection to laboratory network.