| Currently network technology is highly developed, application of Internet has penetrated all aspects of society, greatly promoted social development. But the Internet security issues are also more serious, hacker attacks, privacy leaks and other events are emerged in endlessly, network intrusion has even pose a threat to our national security, the research on the network security is very necessary. Among the network security technology, intrusion detection is a technology to detect abnormal network activity by scan and analysis the network data flow. This technology can effectively find intrusion behavior, is currently one of the research hotspots in the field of network security.Among the two algorithms of intrusion detection: clustering and support vector machines, the detection speed and precision of SVM is high, but SVM training requires labeled samples. Clustering algorithms can classify samples without labeled samples, but the detection accuracy and detection speed is not ideal. This paper combines the clustering algorithm and SVM algorithm, just need to label a few data of training dataset and use those data to search parameters, then using clustering algorithm to classify unlabeled samples, next use those samples as the training data of SVM. In this way, the SVM training can be completed without manually marked samples. The established SVM model can be used to detect test datasets in in detection phase. The combination of two algorithms can integrate the advantages of two algorithms, and compensate for the disadvantages of each algorithm, making preparations for the training data more convenient, and the practicability of the algorithm is higher.In the field of hierarchical clustering, this paper proposes an improved hierarchical clustering algorithm through research, mainly for the two aspects: first add a distance matrix in the cluster computing process, store the distance value needed in the calculation, the clustering speed is increased in ensuring the accuracy of the case, make training of intrusion detection system more efficient. The second is this paper proposes a new clustering parameter seek algorithm. This algorithm can quickly find the best value of a clustering parameter, simplify the parameter determination process, improve the operating efficiency of the algorithm, can complete the relevant experiments more effectively.For research, the paper design and implement intrusion detection experimental system based on Visual C ++ platform, contains data preprocessing, parameter determination, training data, data detection modules. The system is fully functional, capable of handling intrusion data using SQL database. In the data preprocessing module, this paper designed a universal quantification method to quantify the various data sets, extends the use of system, this method can automatically identify the string in the data set, and assigns a unique number to each string to complete the quantification. Through the related intrusion detection experiment using this system, and compare with the existing research, the algorithm researched in this paper can effectively detect intrusions... |
PDF Full Text Request