Research Of Network Intrusion Detection Method Based On Unsupervised Clustering

Network intrusion detection technology is an important defense against network intrusion,anomaly detection network intrusion detection is the core technology.Anomaly detection does not depend on a priori knowledge,it has better characteristics of active defense.Knowledge and data mining combines anomaly detection technology is currently the key issue of network security environment studies.Cluster analysis is a method based on mining analysis divided data based anomaly detection technology cluster analysis,not only to normal behavioral characteristics of mining system model,but can proactively uncover unknown variants of behavior and intrusion,network security for today's massive data requirements.This article will be a specific cluster analysis and intrusion detection combined classical k-means,Fuzzy ART,kohonen clustering algorithm,analyze the characteristics and shortcomings of these algorithms,the article propose two improved algorithms for detecting network intrusion.Then compare the effect of improving the experimental simulation algorithm for intrusion detection.Firstly,based on Fuzzy ART Improved k-means algorithm.Use Fuzzy ART clustering process can automatically generate features of the new node,the initial raw data clustering,in line with data distribution center provides classes and class number k is a k-means.Secondly,to improve the network learning kohonen weight adjustment mode.Introduced in the learning process in the traditional kohonen network membership,were the winning field-based learning neurons membership of ways to improve the way that neurons in learning to learn better reflect the characteristics of the sample.Subsequently,Fuzzy k-means algorithm based on the improved proposed model of network intrusion detection system after the transformation,the main analysis workflow cluster analysis and anomaly detection two modules.Finally,experimental analysis,using traditional Fuzzy ART,k-means and improved FART k-means algorithm in two different standard set of network intrusion data comparison test,the results show that the improved FART k-means algorithm in detection accuracy and some improvement on clustering speed.Similarly,the use of traditional kohonen and improved I-kohonen simulation algorithm comparison test results show that the improved algorithm I-kohonen intrusion detection data can improve the detection rate.