| Cluster-based intrusion detection algor ithm has the advantages of low time complexity and without prerequisites for qualified training sets,etc.However,such algorithms are easy to fall into local optimum and are greatly affected by parameters and data types,affecting the clustering effect and the accuracy of intrusion detection.Based on the detailed analysis of traditional clustering algor ithms,a local density fuzzy C-means clustering algorithm is proposed and applied into intrusion detection technology in this paper.The works of this investigation are:(1)Local Density Fuzzy C-Means(LDFCM)clustering algor ithm is proposed.Aiming at the shortcomings of the fuzzy C-means clustering algor ithm,the initial clustering center is easy to fall into local optimum and the convergence speed is slow,the local density concept is introduced,which makes the algorithm quickly adjust the clustering center to achieve rapid convergence and effectively improve the clustering effect.(2)An abnormality detection method ADBNCG based on the change of center of gravity of the neighborhood is proposed.Based on the framework of LDFCM algor ithm,this paper takes the data object's center of gravity as a reference and combines the K-nearest neighbor idea to propose the "neighbor center of gravity change factor",which is used as an abnormality detection method to judge whether the data is an abnormal index.The method uses the improved fuzzy C-means clustering algor ithm to construct the normal behavior profile,calculates the neighborhood centroid change factor value of the data object in each cluster,and compares it with the abnormal threshold of the cluster to determine whether it is an abnormal point.(3)The proposed intrusion detection method was tested using the conventional data set KDD CUP 99 in intrusion detection.The experimental results show that the anomaly detection method based on the change of center of gravity of the neighborhood can better judge the abnormal points and have a good detection rate. |
PDF Full Text Request