Intrusion Detection Method Based On Ant Clustering

Posted on: 2012-07-11 | Degree: Master | Type: Thesis
Country: China | Candidate: W J Wu
GTID: 2248330362966371 | Subject: Computer application technology
Abstract/Summary:
In contrast to traditional security measures, an intrusion detection system is a proactive security protection technology that can perceive and respond before danger reaches the network system, making up for the deficiencies of traditional network security protection technology. Intrusion detection therefore plays an important role in information security and has become an important research field and development direction in network information security. However, because network traffic data is huge in volume and updated rapidly, it is difficult to perceive aggressive behavior directly and promptly, which makes intrusion detection very difficult. The emergence of data mining technology provides an effective way to solve this problem. Data mining has obvious advantages in extracting characteristics and rules from large amounts of data, which makes it possible to use cluster analysis to achieve accurate and timely detection. Combining cluster analysis with intrusion detection technology enhances the ability of intrusion detection to deal with massive data. Among the various clustering algorithms, the ant colony clustering algorithm is relatively new and effective. It is autonomous (clusters are no longer segmented and classified according to requirements; instead, they form naturally through the search behavior of the ant colony) and flexible: in intrusion detection applications the number of clusters need not be assigned in advance, which is of great research significance for improving the effectiveness of intrusion detection systems.

Based on this research background, the four main points of the paper are as follows:

1. It investigates the basic model of ant colony clustering and the LF algorithm, and analyzes the advantages and disadvantages of the algorithms.

2. Because the clustering algorithm has many parameters to set and relies on users' experience, the human factor has a great impact, so the algorithm lacks universality and its results tend to be affected. In view of these deficiencies, the paper proposes two improved methods. One method is based on the improved BM model (LF) combined with the theory of the simulated annealing algorithm; it adjusts the adaptive parameter dynamically, overcoming the weakness that the clustering result is influenced by the similarity adjustment factor, whose value is set manually by experience. The other method is based on the AM model combined with the adaptive ant clustering algorithm; it uses the annealing algorithm to simulate dynamic adjustment of the adaptive parameter, improving the quality and effectiveness of the clustering, thereby raising the effective detection rate when intrusion detection is used to detect unknown attacks and reducing the false rate.

3. It discusses the application of clustering algorithms in intrusion detection. The traditional intrusion detection methods are only suitable for finding globular clusters. In many cases the algorithm is not sensitive to noise data, among other insufficiencies, and it requires that the number of normal behaviors be far greater than that of intrusion behaviors, a requirement that sometimes cannot be met in actual applications of intrusion detection. The paper thoroughly investigates the problems that exist in the application of intrusion detection and constructs an effective ant colony clustering model for intrusion detection.

4. The paper uses clustering of KDD CUP data to construct the intrusion detection system for the improved ant colony clustering model, tests its effect, compares that effect with that of other clustering algorithms, and finally proves that the proposed intrusion detection method has an obvious advantage in both accuracy and the capability of detecting unknown attacks.
Keywords/Search Tags:intrusion detection, data mining, clustering analysis, ant clustering, simulated annealing
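
The first improved method in the abstract pairs the LF model with simulated annealing of the similarity adjustment factor. The sketch below is an added example, not code from the thesis: it uses the standard Lumer-Faieta density and pick/drop rules, while the geometric cooling schedule, the constants, the grid size and the two-feature sample records are assumptions constructed for illustration.

```python
import math
import random

# Constructed two-feature records (e.g. scaled duration, byte count); not KDD CUP data.
NORMAL = [(0.10, 0.12), (0.12, 0.10), (0.11, 0.13), (0.09, 0.11)]
ATTACK = [(0.90, 0.88), (0.92, 0.91)]

def similarity(item, neighbours, alpha, s=3):
    """LF local density: f = max(0, (1/s^2) * sum(1 - d(item, n) / alpha))."""
    return max(0.0, sum(1 - math.dist(item, n) / alpha for n in neighbours) / s**2)

def p_pick(f, k1=0.1):
    return (k1 / (k1 + f)) ** 2        # isolated or dissimilar items are picked up readily

def p_drop(f, k2=0.15):
    return 2 * f if f < k2 else 1.0    # dense, similar neighbourhoods attract drops

def annealed_alpha(step, alpha0=1.0, alpha_min=0.3, cooling=0.999):
    """Assumed geometric cooling: alpha starts permissive and tightens over time."""
    return max(alpha_min, alpha0 * cooling ** step)

def cluster(items, size=8, ants=3, steps=5000, seed=1):
    """Run ants on a toroidal grid; returns (cell -> item mapping, ant states)."""
    rng = random.Random(seed)
    cells = [(x, y) for x in range(size) for y in range(size)]
    grid = dict(zip(rng.sample(cells, len(items)), items))
    colony = [{"pos": rng.choice(cells), "load": None} for _ in range(ants)]
    for step in range(steps):
        alpha = annealed_alpha(step)   # replaces a hand-tuned, fixed alpha
        for ant in colony:
            x, y = ant["pos"]
            pos = ((x + rng.choice((-1, 0, 1))) % size,
                   (y + rng.choice((-1, 0, 1))) % size)
            ant["pos"] = pos
            near = [grid[c] for dx in (-1, 0, 1) for dy in (-1, 0, 1)
                    if (dx or dy)
                    and (c := ((pos[0] + dx) % size, (pos[1] + dy) % size)) in grid]
            held = ant["load"]
            if held is None and pos in grid:
                if rng.random() < p_pick(similarity(grid[pos], near, alpha)):
                    ant["load"] = grid.pop(pos)
            elif held is not None and pos not in grid:
                if rng.random() < p_drop(similarity(held, near, alpha)):
                    grid[pos], ant["load"] = held, None
    return grid, colony
```

The number of clusters is never passed in: groups emerge from the pick and drop decisions, and the cooling schedule stands in for the manually chosen similarity factor.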