
Research On Network Intrusion Detection Based On Clustering Algorithm

Posted on: 2011-05-28
Degree: Master
Type: Thesis
Country: China
Candidate: X M Yang
Full Text: PDF
GTID: 2248330395985319
Subject: Computer Science and Technology

Abstract/Summary:
The rapid development of information technology has led to the popularization of networks. Network technology has brought great convenience to people on the one hand, but on the other hand it has produced security problems. Many methods have been proposed to solve these problems, among which intrusion detection technology is one of the most important, and ever greater demands are being placed on it. Existing techniques cannot satisfy the needs of current security systems, so a more effective one is necessary.

At present, most clustering algorithms depend on the number of clusters, which must be set before clustering, so determining the K of K-means is important. When applied to network data, these algorithms have to set too many clusters; they are unable to deal with character attributes in network events; and they cannot handle the similarity of character attributes (such as protocol), which K-means and K-center cannot solve. Therefore, drawing on the ideas of decision tree classification and ant colony clustering, this paper proposes a hybrid spatial multilevel classifier composed of decision tree classification and an ant colony algorithm. The classifier improves the tree classification of the C4.5 algorithm and at the same time employs the ant colony clustering algorithm to determine which actions are genuine intrusions. It can also stratify the data: attack data are separated from normal data in the first layer, the other data in the second, and the special data in the third. Experiments show that the new method detects intrusions effectively, with a low false alarm rate that stays at a relatively acceptable level, and that it can find unknown intrusions, which improves the intrusion detection rate.

Intrusion detection alarms are mostly processed with data mining technology. This is usually suited only to particular situations and does not work very well with large numbers of alarms. To address the problem that there are too many alarms, most of which are redundant, this paper proposes an intrusion detection alarm clustering algorithm based on information entropy. It quantifies the alarms to obtain an information entropy value and completes the alarm clustering by the criterion "the smaller the value of entropy, the better the clustering effect", in order to distinguish real alarms from false ones. Experiments show that this algorithm can not only deal with a large number of alarms but also improve the detection rate of unknown alarms, reducing the false alarm rate and the rate of missed intrusions.
Keywords/Search Tags: Intrusion detection, Decision tree classification, Colony clustering, Alarm clustering
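The entropy criterion in the abstract ("the smaller the value of entropy, the better the clustering effect") can be illustrated with a short added example. It is not the thesis's algorithm, whose details are not given on this page. The alert fields, the greedy assignment rule, and the `max_entropy` threshold are all assumptions, and the sample alerts are constructed.

```python
import math
from collections import Counter

FIELDS = ("signature", "src", "dst", "dport")  # assumed alert attributes

def cluster_entropy(alerts):
    """Sum, over FIELDS, of the Shannon entropy (bits) of each field's values."""
    n = len(alerts)
    total = 0.0
    for field in FIELDS:
        counts = Counter(a[field] for a in alerts)
        total -= sum((c / n) * math.log2(c / n) for c in counts.values())
    return total

def cluster_alerts(alerts, max_entropy=1.0):
    """Greedy single pass: each alert joins the cluster whose entropy is lowest
    after the addition; if every candidate would exceed max_entropy (an assumed
    threshold), the alert starts a new cluster."""
    clusters = []
    for alert in alerts:
        best, best_h = None, None
        for cluster in clusters:
            h = cluster_entropy(cluster + [alert])
            if h <= max_entropy and (best_h is None or h < best_h):
                best, best_h = cluster, h
        if best is None:
            clusters.append([alert])
        else:
            best.append(alert)
    return clusters

def _alert(signature, src, dst, dport):
    return {"signature": signature, "src": src, "dst": dst, "dport": dport}

# Constructed sample alerts (documentation address ranges), not real IDS output.
SAMPLE_ALERTS = [
    _alert("SSH brute force", "203.0.113.7", "192.0.2.5", 22),
    _alert("SSH brute force", "203.0.113.7", "192.0.2.5", 22),
    _alert("SQL injection attempt", "198.51.100.9", "192.0.2.8", 80),
    _alert("SSH brute force", "203.0.113.7", "192.0.2.5", 22),
    _alert("SSH brute force", "203.0.113.7", "192.0.2.6", 22),  # new target
    _alert("SQL injection attempt", "198.51.100.9", "192.0.2.8", 80),
]

if __name__ == "__main__":
    for c in cluster_alerts(SAMPLE_ALERTS):
        print(len(c), "alerts, entropy", round(cluster_entropy(c), 3),
              "->", c[0]["signature"])
```

The six constructed alerts collapse into two low-entropy clusters, so an analyst reviews one representative per cluster instead of every redundant alert.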