Research Based On A Method Of FRS-FCM Ensemble Intrusion Detection

With the rapid development of computer network technology, more and more private information was placed on the Internet, making the issue of network security is becoming a hot topic in the field of computer science.Intrusion detection by analyzing and comparing a variety of mobile information through the computer network system to detect the intrusion caused by security threats.Traditional intrusion detection systems often use the FCM algorithm to cluster of huge amounts of data, or using a machine learning algorithm for classification learning, the prevalence of false alarms and omissions high, the poor adaptability, the lack of a combination of detection methods. Therefore, reduction of the original data set, improve the FCM algorithm, and select the appropriate integrated intrusion detection algorithm is very necessary to improve the performance of intrusion detection systems, and also provides a new tool to tackle the issue of network security.In this paper, on the basis of existing research results, proposed a based on fuzzy rough set FRS-FCM algorithm, and applied it to the integrated intrusion detection:1. Proposed a based on fuzzy rough set FRS-FCM clustering algorithm based on fuzzy rough sets and ReliefF. In this algorithm, mainly work include the following two aspects:(1) Use the fuzzy rough set (FRS) algorithm for data reduction and get the initial value of the fuzzy membership matrix according to fuzzy upper and lower approximation.(2) Use the characteristics weighted linear combination of distance to evaluate the degree of similarity between the various indicators:different discrete data connection records using a simple matching measure, numerical features using Euclidean distance weighted sum of squares, in which the weight of indicators determined by ReliefF technology.2. Proposed an integrated intrusion detection method based on the FRS-FCM, primarily work include the following two aspects:(1) Extracted a signature collection from the data connection record and use it to describe the data connection record attributes.(2) Use the FRS-FCM algorithm to clustered, and clustering results were used to BP, GABP, and SVM to learning, and get the attack logic value of each data record. Finally, get the last detection results by attack logical value-weighted integration.3. Use the DARPA KDD Cup 1999 data set to validate the feasibility and effectiveness of the integrated intrusion detection method based on the FRS-FCM algorithm.