Application Research Of Improved K-means Algorithm In Network Intrusion Detection

With the progress and development of computer and network technology,network data volume present exponential growth and it is not easy to intuitively find the real valuable data,and many of useful data are often hidden in the huge amount of data,thus data mining technology came into being with the arrival of large data era.Data mining technology is a new technology discipline by which people can discover the potential value and useful information of the data.The core function of data mining is to make full use of the data value and provide scientific and reasonable basis for people's decision analysis.C lustering analysis is an important branch of data mining,and its principle is to divide the data into different classes based on the similarity of data.C luster analysis is widely used for machine learning,artificial intelligence,medicine,network security and other fields to provide an important technical support.Partitional clustering is a common algorithm in clustering analysis algorithms,and its simple and efficient features are widely used in various fields.Among them,K-means is the most common,and its realization princip le is simple and the algorithm is more efficient.However,since the K-means algorithm is sensitive to the initial clustering center,its application has also been subject to many restrictions.In this paper,we present a method to optimize the initial clustering center of K-means,and apply this improved algorithm to construct the network intrusion detection model.The key points are:(1)The superior initial clustering center of the K-means algorithm should be chosen from the data objects that are far apart from each of the data set or the data objects near the center of the class.Based on the idea of density,the dense data distribution of data objects are filtered out as high-density objects,and k objects with the largest possible distance are extracted from the high-density objects,and the initial classes are divided based on these objects.Then,we use the particle swarm algorithm to iterate and optimize in each class until the maximum number of iterations,and output k global optimal points as the initial clustering center of K-means algorithm.The validity of this optimization algorithm is verified on multiple data sets and the experimental results show that the clustering effect of this optimization method is better than that of the original K-means algorithm.(2)The K-means algorithm is improved according to the initial clustering center optimization method and applied to the detection of network intrusion data,and a network intrusion detection model based on clustering is established.The mode l includes intrusion data collection and preprocessing,C lustering,class tag,difference analysis and other modules.This model is used to test and analyze the commonly used network intrusion data set and the test results show that the intrusion detectio n model has better intrusion detection effect than the detection method based on the K-means.