| With the development of information technology, many information-related phenomena have emerged. The network produces various forms of data every day, and various types of network security problems have appeared. In this situation, social and legal force is used to deal with criminal activities carried out over computer networks. Network forensics technology has therefore emerged and is developing rapidly. Its key point is to extract and analyze the data in the network. In this paper, a clustering method is used to analyze and process the data in the network, and finally normal behavior and abnormal behavior are judged. First, some important methods of network data processing are studied and discussed, and then a feature selection method is used to preprocess the data in the network, which reduces the complexity of the subsequent clustering analysis. Finally, the data is analyzed using hierarchical clustering. The main work of this paper includes the following three aspects: (1) The feature selection method was studied, and an improved feature selection algorithm based on maximum nearest neighbor rough approximation was proposed. Because the data in the network is high-dimensional and has many features, it is very important to select the optimal features. By determining the nearest neighbor of each sample, the feature selection algorithm based on maximum nearest neighbor rough approximation can deal directly with mixed data. However, because this method considers only the importance of a single attribute relative to the decision result when it calculates the importance of attributes, the evaluation criterion was redefined in this paper. A forward greedy search strategy was then used to select features, and finally the best feature subset was chosen. Experimental results showed that the proposed method can reduce the number of features and improve classification performance. (2) To solve the problem of how to select the appropriate merge points, an agglomerative hierarchical clustering algorithm based on ant colony optimization was proposed. A hierarchical clustering algorithm does not revise a split or a merge once it has been carried out, which leads to low-quality clustering results. To obtain high-quality clustering results, the ant colony optimization algorithm was used. First, the state transition rule was used to determine the next data point to merge in the agglomerative hierarchical clustering algorithm. Then the optimal path was searched for using the pheromone update rule. Experiments showed that, compared with the traditional clustering algorithm, the algorithm in this paper has higher accuracy and a better clustering effect. (3) A network forensics system based on ant colony optimization and agglomerative hierarchical clustering was designed. Based on the analysis of network data, a corresponding function module was designed for each process. The improved feature selection algorithm based on maximum nearest neighbor rough approximation and the agglomerative hierarchical clustering algorithm based on ant colony optimization were applied to the corresponding modules. Finally, the framework of the network forensics system based on ant colony optimization and agglomerative hierarchical clustering was achieved. The system can effectively analyze network data and judge the behavior of the network. |