
The Unsupervised Intrusion Detection Research Based On Association Amendment

Posted on: 2015-06-19
Degree: Master
Type: Thesis
Country: China
Candidate: P Gu
GTID: 2298330467456857
Subject: Computer technology
Abstract/Summary:
Intrusion detection is an important part of information security architecture and is a proactive security technology. With the continuous improvement of network attack technology, it is necessary to improve network intrusion detection technology to address the growing threat of attacks.

Currently, most intrusion detection algorithms require labeled data or complete normal data for training. In this paper, the unsupervised fuzzy c-means (FCM) clustering algorithm is applied to intrusion detection, so that the intrusion detection system can deal directly with unlabeled network data. The author improved the traditional FCM algorithm and amended the unsupervised clustering results to improve the accuracy and adaptability of intrusion detection. The main work is as follows:

Firstly, this paper introduces the concepts of intrusion detection and unsupervised cluster analysis and indicates current problems in intrusion detection. It studies unsupervised clustering in intrusion detection, providing a theoretical foundation for applying cluster analysis to intrusion detection systems.

Secondly, taking advantage of the ease with which the PSO algorithm reaches the global optimum, the paper puts forward a new improved FCM algorithm to address the shortcoming that FCM, when applied to an intrusion detection system, easily falls into a local optimum. The experimental results show that, in the intrusion detection system, the improved FCM algorithm has higher accuracy than the original. In addition, aiming at the situation in which the number of clusters may not correspond to the actual situation, the author puts forward an adaptive method for deciding the number of clusters, which determines different thresholds according to the specific data, making the division of normal and abnormal data more accurate and improving the adaptive ability of the algorithm.

Thirdly, the author puts forward an improved Apriori algorithm that can improve efficiency and reduce computational complexity, and uses it for a correlation correction of the unsupervised clustering algorithm, so as to effectively reduce false alarms.

Finally, the author designed an unsupervised intrusion detection model based on correlation correction and verified it using the KDD Cup 1999 data; the experimental results showed that the intrusion detection system with the associated amendment had better accuracy.
Keywords/Search Tags: Intrusion Detection, Unsupervised, Cluster analysis, FCM, Association rule