A Two-step Intrusion Detection Research Based On Improved Dynamic Clustering Algorithm

With the development of network information, the way of network attack is constantly upgrading and changing. Traditional network firewall technology can only static intercept known attacks, but powerless to unknown attacks. Therefore, intrusion detection technology arises at the historic moment. Intrusion detection technology based on the key point in system or network monitoring and data collection, and to analyze the collected data, discover the existing attack.In this paper, a new algorithm is proposed based on dynamic clustering algorithm, which is based on the dynamic clustering algorithm, because of the serious dependence of the conventional dynamic clustering algorithm on the number of predefined clusters and the initial cluster centers. First, the principle of the conventional dynamic clustering algorithm and the K-means method is introduced, and its inherent shortcomings and limitations in the field of intrusion detection are pointed out. Then, In view of the conventional dynamic clustering algorithm and K-means algorithm relies heavily on the number of predefined clusters and the initial center of the defect, and the corresponding improvements are made on the basis of the dynamic clustering algorithm. By comparing the test data type are consistent with the actual data type to dynamically generate the number of clusters, the same data types can have more than one sub class, sub class between the cluster space is independent. At the same time, in order to improve the detection efficiency of the system, this paper used the "two-step" detection scheme, is all normal data class set a cluster radius, in intrusion detection first according to the distance of the data and normal data class to determine whether it is normal data, if intrusion data to attack type judgment.Finally, the algorithm is tested by using the MATLAB tool and the CUP99 KDD data set of some data. Test results show that the improved dynamic clustering algorithm in data detection with high detection rate; at the same time, on the detection time, use the "two-step method" shorter than the conventional "one-step" method, detection efficiency has improved.