Research On Intrusion Prevention Technology Based On PCA And Semi-Supervised Clustering

With the advances in Internet technology, the rapid development of Internet ofThings technology and the rapid rise of cloud computing technology, network securityissues are being got more and more widespread concern by people. The traditional networksecurity technologies such as firewall, intrusion detection, etc, have been difficult toeffectively ensure network security. Intrusion prevention technology has been one of thenew hot spots in network and information security field in recent years. It is beinggradually attached great importance to by people.The traditional intrusion detection algorithm based on unsupervised learning has thehigher detection rate but also the higher false positive rate. Intrusion detection algorithmbased on supervised learning has the higher detection rate and the lower false positive rate,but it’s difficult to correctly detect unknown intrusion attacks. Semi-supervised learning isintroduced into intrusion detection in this paper, also principal component analysis(PCA)and clustering analysis theory are studied. An intrusion detection algorithm is given basedon PCA and semi-supervised clustering. Firstly, the features of intrusion detection data setare extracted by using PCA, and the redundant attributes among the data are eliminated.Secondly, a few labeled samples with prior knowledge are exploited and pairwiseconstraints information is quantified. Improved competitive agglomeration is introducedinto to supervise and guide a lot of unlabeled samples in order to achieve correct clustering.The experimental results of intrusion detection show that algorithm can overcome thedisadvantages that traditional FCM depends on initialization number of clustering and issensitive to geometry, noise, outliers, etc. The algorithm is better than several otherintrusion detection algorithms.Mass high dimensionality data are emerging in the reality of the high speed networkenvironment. It’s bound to the difficult problem “Curse of dimensionality” when use thetraditional intrusion detection algorithm to audit and analyze these data. Semi-superviseddimensionality reduction algorithm based on PCA(SSDRpca) and semi-supervisedclustering algorithm(PCCA) are improved respectively in this paper. An intrusion detectionalgorithm based on improved semi-supervised dimensionality reduction and improvedpairwise-constrained competitive agglomeration is given. On the one hand, algorithmimproves the regularization term in SSDRpcaand makes full use of large number of unlabeled samples to preserve locality structure information in order to obtain the betterdimensionality reduction performance. On the other hand, according to the problem thatmagnitude order of constraint penalty term is inconsistent with classical FCM term inPCCA, algorithm adjusts the violation cost of the constraints into co-expression ofmembership degrees and distances of two samples and changes the competitive term intoShannon entropy term. The correct clustering process of a lot of unlabeled examples iseffectively controlled. The experimental results on UCI data sets and KDDCUP1999data set show that algorithm can improve clustering effect and the performance of intrusiondetection system.In this paper, an intrusion prevention system model is proposed based on PCA andsemi-supervised clustering. The model is consisted of central control module,communication module, intrusion prevention module and logging module. The basicworking principle of each module in the system model is discussed. Intrusion preventionmodule is studied, also intrusion detection system and intrusion response system aredesigned.