Research On Outlier Detection Algorithm And Its Application In Network Intrusion Detection System

Posted on: 2021-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Wang
GTID: 2428330602964565
Subject: Computer application technology
Abstract/Summary:
With the continuous development of computer networks, Internet technology has made life more convenient, but network security problems have followed. As a result, network intrusion detection technology has received wide attention. Outlier detection is a common method of intrusion detection. It aims to effectively identify the abnormal data in a dataset and mine meaningful potential information from it; its core is to extract the information in the network and analyze the related anomalies. With the popularization of computer networks, the network data generated by various applications increases exponentially every day. Traditional outlier detection methods have difficulty dealing with such massive data, especially finding abnormal intrusion information in it. At present, there are two urgent problems in outlier detection: 1. The network data is massive, so outlier detection methods are difficult to adapt to large-scale datasets, and the calculation cost is high; 2. Parameter selection in the outlier detection process is uncertain, which affects the accuracy of outlier detection. To address these problems, this paper improves the traditional outlier detection algorithm and applies it to network intrusion detection, so as to distinguish normal from abnormal behaviors in the network dataset. The work of this paper can be summarized as follows:

(1) By studying clustering methods, a dataset optimization method based on grid clustering is proposed. Quickly and accurately identifying the abnormal information in a massive network dataset is very important. To improve the efficiency of outlier detection, this paper proposes a dataset optimization method based on grid clustering. The method introduces the concepts of a partition function (P) and a threshold function (T), through which the massive data in the network is preprocessed. The dataset optimization method initializes the original data whose density is greater than a certain threshold, so as to extract a dataset biased toward anomalies. The experimental results show that the proposed dataset optimization method based on grid clustering reduces the time complexity of the anomaly detection algorithm and improves its operating efficiency.

(2) By studying density-based outlier detection algorithms, an improved parameter-free outlier detection algorithm is proposed. As anomaly detection research has deepened, a variety of outlier detection methods have been proposed. Appropriate outlier detection methods can help reveal abnormal phenomena and find potential abnormal behaviors. To improve the performance of outlier detection, this paper proposes an improved outlier detection algorithm. The idea of this algorithm is that the number of data objects per unit area is closely related to the density of the dataset. The improved outlier detection algorithm can reduce the time complexity of the algorithm. However, it has difficulty solving the important problem of parameter selection. Therefore, by studying density-based outlier detection algorithms, this paper proposes an improved parameter-free outlier detection algorithm. In this algorithm, we first propose the concept of the number of residual neighbors, and take the number of residual neighbors and the size of the data cluster as the basis of outlier detection, so as to obtain a more accurate set of outliers. Experimental results show that the proposed outlier detection algorithm can effectively identify the abnormal data in the dataset.

(3) An intrusion detection system is designed based on the outlier detection algorithm proposed in this paper. The system mainly includes two parts: data collection and data analysis. The main function of the data collection module is to collect network data from the client and submit the forensics requirements to the server through the personalized forensics module. The main function of the data analysis module is to run detection on the collected system information on the server side, and then show the results of intrusion detection.
Keywords/Search Tags:Outlier detection, Grid clustering, Local density, Network intrusion detection system
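
An added sketch of the grid-based dataset optimization step described in item (1), not code from the thesis. The abstract does not define the partition function P or the threshold function T, so their forms here (fixed-width grid cells, mean population of non-empty cells), the choice to discard cells denser than T, and the two-feature flow records are all assumptions.

```python
import math
from collections import defaultdict

def partition(points, cell_size):
    """Assumed form of P: map each point to a fixed-width grid cell."""
    cells = defaultdict(list)
    for idx, p in enumerate(points):
        cell = tuple(math.floor(v / cell_size) for v in p)
        cells[cell].append(idx)
    return cells

def threshold(cells):
    """Assumed form of T: mean population of the non-empty cells."""
    return sum(len(members) for members in cells.values()) / len(cells)

def prune_dense(points, cell_size):
    """Discard points in cells denser than T.

    Returns the indices of the remaining points, i.e. the reduced,
    anomaly-biased dataset that a (more expensive) outlier detector
    would then score. If every cell is equally populated, nothing
    is pruned.
    """
    if not points:
        return []
    cells = partition(points, cell_size)
    t = threshold(cells)
    keep = [i for members in cells.values() if len(members) <= t
            for i in members]
    return sorted(keep)

def sample_flows():
    """Constructed sample: two dense clusters of normal flow records
    (two normalized features each) plus three isolated records."""
    normal_a = [(x * 0.1, y * 0.1) for x in range(10) for y in range(10)]
    normal_b = [(5 + x * 0.1, 5 + y * 0.1)
                for x in range(10) for y in range(10)]
    isolated = [(9.5, 0.5), (2.5, 7.5), (8.2, 8.7)]
    return normal_a + normal_b + isolated

if __name__ == "__main__":
    flows = sample_flows()
    candidates = prune_dense(flows, cell_size=1.0)
    print(f"{len(flows)} records -> {len(candidates)} candidates")
    for i in candidates:
        print(i, flows[i])
```

The cell width controls the trade-off: cells that are too wide merge isolated records into dense cells and hide them, while cells that are too narrow leave almost nothing to prune.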