Network Anomaly Detection Model Based On Multi-clustering Analysis

Posted on: 2014-02-16
Degree: Master
Type: Thesis
Country: China
Candidate: H Jiang
GTID: 2248330392461671
Subject: Computer application technology
Abstract/Summary:
As an important part of network and information security, intrusion detection identifies abnormal data and aggressive behaviors that violate the security policy by analyzing data collected from key points in the network. Anomaly detection based on data mining, which digs out the normal and abnormal behavior patterns in audit data, can reduce the heavy coding work originally required and increase the adaptability of the system.

Cluster analysis is a widely used technique in the field of data mining. It is mainly used to discover the internal relationships between data points. However, existing systems based on single-clustering detection are inefficient. In this dissertation, a network anomaly detection model based on multi-clustering analysis (NADMBMA) is proposed.

First, the dissertation discusses the theory of anomaly detection. The definitions and methods of anomaly detection are studied and analyzed in detail, and the strengths and weaknesses of various clustering-based anomaly detection methods are compared. This provides the methodological support for the network anomaly detection model.

Second, it designs and proposes the NADMBMA model. Made up of subspace clustering, density clustering and evidence accumulation clustering, combined with a threshold selection algorithm based on matrix clustering, it forms an unsupervised network anomaly detection model. Because the model includes three clustering algorithms, it can use the advantages of each.

Third, it implements the NADMBMA prototype system. Based on the Java language and the MVC framework, it designs and implements the data conversion module, the data preprocessing module, the core clustering analysis module, and the result output module, which provide platform support for the follow-up experiments.

Finally, it verifies the feasibility and effectiveness of the NADMBMA model. Using the KDD CUP99 data set, it proves the feasibility of the matrix clustering threshold selection algorithm and uses comparative analysis to prove the effectiveness of NADMBMA.
Keywords/Search Tags: network security, anomaly detection, clustering, evidence accumulation clustering, sub-space clustering