Research Of Intrusion Detection Method Based On Improved K-means Algorithm

With information technology penetrating into all spheres of life, the information security issues have been severely tested. As species of Network Virus are growing quickly, the effect of Static defense like Firewall, Data encryption and so on has been challenged. Intrusion Detection Technology has proactive defense which has made up for the defects of traditional security technologies.Clustering is a process that divides the data into a plurality of groups or classes, ensuring a high similarity in data objects within same groups and dissimilarity in data objects within different groups. The clustering algorithm applied in intrusion detection can discover unknown intrusions, thus becoming a research hotspot today. This paper carried out a research on intrusion detection on the base of K-means clustering analysis, improved the K-means clustering algorithm, applied the improved K-means clustering algorithm into intrusion detection and proposed an Intrusion Detection Model, the Intrusion Detection Model is tested and analyzed by actual experiment.Firstly, this paper introduced the concept and the effects of intrusion detection, its basic model and its classifications; elaborated the concept of clustering, method of similarity measure in the clustering, measure functions between classes, main research directions of clustering analysis, the general process of clustering and clustering algorithm in the intrusion detection. Advantages of K-means clustering algorithm convergence are fast, simple and high efficiency of processing data whereas there are some inadequacies to be improved.Secondly, the main contribution of this paper is that we proposed a new method of determing K due to the defect of K-means algorithm in its serious dependence on initial cluster centers and needing artificially given the number of clusters K; aiming at the defect of K-means algorithm in its sensitivity of the cluster center and its potential of falling into the local optimum of K-means algorithm, we have introduced Differential Evolution(DE) algorithm, of whose the global optimization ability is stronger, to the K-means clustering algorithm. Meanwhile, in DE algorithm, we applied dynamic adaptive crossover probability factor CR and scaling factor F, which effectively improved the ability of global optimization and the speed of optimization. In addition, by making use of the randomness, periodicity and other features of chaos theory, we have capitalized on chaotic sequence to initialize the population, which improved the diversity and difference of the initial population and effectively reduced the possibility of falling into the local optimum of the algorithm;This paper applied chaos optimization search into DE algorithm, which ameliorated the optimal individual and effectively improved its ability against prematurity, optimizing ability and convergence speed.Finally this article applied the K-means clustering algorithm into intrusion detection and proposed an Intrusion Detection Model. And the KDDCup1999data sets had been used based on this model to verify the experiment. Experiments showed that the improved K-means clustering algorithm is a good way to improve the clustering effect. What’s more, it improved the efficiency of Intrusion Detection and also improved the detection rate and false alarm rate.