Research On Intrusion Detection Technology Based On Clustering Analysis

With the rapid development of modern information technology, network security has become the focus of people's attention. The common network security technology such as firewall has been unable to adapt to the increasingly complex and diverse network environment. Therefore, the intrusion detection system came into being. However, due to the ever-changing network security vulnerabilities and intrusion methods, the detection performance of the intrusion detection system is put forward higher requirements.Abnormal data mining techniques can be used to detect the effect of intrusion detection system based on data mining technology, which can improve the detection effect of the intrusion detection system, so that it can enhance the detection effect of the intrusion detection system. However, traditional intrusion detection algorithm still has high detection rate error and defect detection model description ability is insufficient. In this paper, based on the basic principles of intrusion detection, defects and its development, this paper designs a new intrusion detection technology based on clustering analysis, and implements an efficient and low cost intrusion detection system. The main research contents of this paper are as follows:(1) This paper summarizes the basic principles of the traditional K-means algorithm, and analyzes the shortcomings of the K-means algorithm in the application of intrusion detection system. In view of the disadvantages of the initial value sensitivity, unstable initial cluster center, vulnerable to the impact of the isolated point, the convergence effect of the potential risks and other aspects of the local optimization, this paper present an effective optimization algorithm.(2) Through the study of the K-means algorithm and the minimum spanning tree, using pruning technique to eliminate the influence of outlier on the clustering effect, using effective index calculation to find out the optimal number of clusters, and selecting the initial cluster centers dynamically, so that the final clustering result has good stability.(3) Based on the Snort intrusion detection system, adopting the optimized K-means algorithm to establish normal behavior pattern library by adding the clustering analysis module. This paper designs the intrusion detection system model based on clustering analysis, which can improve the detection performance of the intrusion detection system.(4) Using intrusion detection dataset KDD Cup 99 to carry up experiment on the improved algorithm.What's more, this paper carry up the simulation experiment on the designed intrusion detection system model. The experimental results show that the intrusion detection system model that this designed can improve the detection rate, reduce the error detection rate, and effectively improve the detection performance.Therefore, the model of intrusion detection system based on clustering analysis is feasible, and it can provide reliable and accurate detection results.