IDS Based On Time Series Data

Since the birth of the concept of "Internet",network intrusion,malicious attack and other hacker technology has been a problem that has been plagued by universities,enterprises and governments.As long as the firewall is broken,hackers can easily steal and use data.Especially in today's increasingly developed network technology and communication means,network security is imminent.With the reduction of the technical threshold of network attack,the modern network attack means have the characteristics of attack intelligence,technology automation and means diversification.Therefore,we need a technology that can be active defense and self-learning to ensure the security of Internet communications.A class of general active defense model-Intrusion Detection System(IDS)arises at the historic moment.The traditional IDS exists the problems that it is slow to deal with high-dimensional dataset,with respond speed slowly,difficult to handle high-dimensional dataset,and it does not take full consideration of the effect that time series dimension on accuracy and so on.In the upsurge of machine learning's today,Many experts and scholars combine data mining technology and IDS model organically,forming an IDS framework based on machine learning,The new framework model improves some shortcomings of the traditional IDS model.It not only works well for massive high-dimensional data processing,but also has a good ability of self-learning and updating.It ensures the accuracy of the system while improving the speed of detection.The essence of the IDS model consists of two parts.First,the centroid of the dataset is analyzed by clustering algorithm,and the centroid is represented by the data characteristics.Then verify the effect of the center of mass by the classification algorithm.The classical K-means clustering algorithm can deal with massive dataset,but the undesirable initial cluster centers can not lead to the desired results.At the same time,the noise of the time dimension characteristics of dataset and the jitter of amplitude and frequency shift will have an impact on the clustering results.Therefore,this paper proposes an improved IDS model ACS-K to solve these two problems.This paper mainly contains three parts:(1)First,it expounds the concepts of IDS model and time series data,and explains the related learning technologies.(2)an IDS model ACS-K is proposed,this model improves the K-means clustering algorithm firstly,useing the adaptive step size cuckoo search algorithm to optimize the initial clustering center,to avoid the shortcoming that K-means algorithm is sensitive to initial clustering centers.At the same time,it adjusts the probability of discovery,to find a more suitable value for searching the optimal solution.Then,by dynamically adjusting the distance formula makes the tolerance of the previous centroid of the cluster to the timing characteristics get higher,reducing the effect of deformed time series characteristics to the overall characteristics.and it gradually reduces tolerance in clustering and keeps sensitivity to time series characteristics.(3)It makes relevant experiments on the proposed ACS-K model,The experimental results show that the ACS-K model can make the centroid of the final cluster more stable and the clustering effect is better.Different classifiers are able to judge the testset by the data characteristics,and the accuracy is increased.It is proved that the ACS-K model is more complete in identifying foreign data,has higher accuracy of judgement,and has a certain robustness and generalization ability.