
Research And Application Of Clustering Analysis In Intrusion Detection

Posted on: 2015-03-03
Degree: Master
Type: Thesis
Country: China
Candidate: S H Liu
GTID: 2268330422471615
Subject: Computer software and theory
Abstract/Summary:
With the spread of computer applications into fields around the world, network communication has rapidly changed how we learn, work and live. Given the fast development of network technology, two things must be recognized: on the one hand, network technology has broad prospects for development; on the other, network attacks and the damage they cause are growing more serious and severely threaten the normal operation of network communication. Network security has become an important topic worldwide, and efficiently detecting the illegal actions identified in network data is extremely important for maintaining the security of systems and network resources. Traditional dynamic network security defense technologies (including firewalls, data encryption, etc.) can resolve some system security problems, but they lack initiative in detecting complex and changeable means of network attack. Intrusion detection technology, which abandons the passive approach and is capable of active detection, was developed in response. As a new security technology, intrusion detection can respond before systems and resources are damaged, and so efficiently covers the shortcomings of the traditional technologies. Intrusion detection has therefore become an important research field in network information security.

However, the massive volume and unknown nature of system and network data are a big challenge to the further development of intrusion detection technology. Data mining technology, which can extract useful information from massive data, has efficiently settled this difficult issue. Introducing cluster analysis from data mining enhances the ability of an intrusion detection system to build monitoring models on unlabeled datasets in order to discover abnormal data, and it has great research significance for improving the performance of detection systems. Based on the theory of applying data mining technology in intrusion detection systems, this thesis presents an improved K-means clustering algorithm, with the application of clustering analysis in intrusion detection at its core. The specific work is as follows:

First, the concept of data independence is introduced into the construction of the experimental data subset. To reduce the dimensionality of the dataset, the degree of independence is used to evaluate the importance of each attribute. Then, starting from traditional K-means clustering analysis, point density is used to obtain the initial clustering sets. After the dataset is merged into several initial clusters, the datasets are split using the MST clustering algorithm and the traditional K-means clustering algorithm. This settles the problems of how to select the initial clustering centers and how to determine the value of K in the traditional K-means clustering algorithm. Finally, the KDD Cup 99 dataset is used to test the improved algorithm in an intrusion detection system. The experimental results show that the improved algorithm performs better than the traditional K-means algorithm in detection and error rate, and efficiently increases the detection performance of intrusion detection.
Keywords/Search Tags:Intrusion Detection, Data Mining, Clustering Analysis, K-means Clustering, Minimum Spanning Tree