Research of Intrusion Detection Based on Clustering Analysis



Mingjun Wei, Lichun Xia, Jianguo Jin, and Chen Chen

Abstract  On the basis of a review of existing intrusion detection technology, this paper establishes an intrusion detection model based on clustering analysis that addresses shortcomings of the traditional approach. To remedy two known weaknesses of the traditional clustering algorithm k-means, namely that the number of clusters must be specified in advance and that the result is sensitive to the initial cluster centers, an improved k-means algorithm is put forward. The KDD Cup 1999 data set, the standard benchmark in the intrusion detection field, is used as experimental data to verify its performance. The experiments show that the algorithm achieves a higher detection rate and a lower false positive rate.

Keywords  Intrusion detection • K-means • Clustering analysis • Data mining
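Both k-means weaknesses named in the abstract can be seen directly in plain k-means (Lloyd's algorithm). The Python below is an added illustration, not code from the paper and not its improved algorithm, whose details are not on this page. It clusters a constructed set of eight one-dimensional connection records (a single invented feature, loosely modelled on the KDD Cup 1999 `count` feature of connections to the same host within two seconds), labels any cluster holding under 30% of the records as attack traffic, and reports detection rate and false positive rate for two different choices of initial centers. The number of clusters is fixed by the caller, and the poor initialization converges to a local optimum that splits the normal traffic and buries the attack records inside a normal cluster.

```python
import math

# Constructed records, one feature each (all values invented):
# 0-2 normal web traffic, 20-22 normal DNS-style bursts, 40-41 attack traffic.
RECORDS = [[0.0], [1.0], [2.0], [20.0], [21.0], [22.0], [40.0], [41.0]]
TRUTH = ["normal"] * 6 + ["attack"] * 2

GOOD_INIT = [[1.0], [21.0], [40.5]]  # one initial center per real group
BAD_INIT = [[0.0], [1.0], [2.0]]     # all three centers drawn from the web group


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _mean(points):
    return [sum(p[i] for p in points) / len(points) for i in range(len(points[0]))]


def kmeans(points, init_centers, max_iter=100):
    """Lloyd's k-means. k is fixed by len(init_centers); returns (labels, centers, inertia)."""
    centers = [list(c) for c in init_centers]
    labels = None
    for _ in range(max_iter):
        new_labels = []
        for p in points:
            new_labels.append(min(range(len(centers)), key=lambda j: _dist(p, centers[j])))
        if new_labels == labels:
            break  # assignments stable: converged, possibly to a local optimum
        labels = new_labels
        for j in range(len(centers)):
            members = [p for p, l in zip(points, labels) if l == j]
            if members:  # an emptied cluster keeps its previous center
                centers[j] = _mean(members)
    inertia = sum(_dist(p, centers[l]) ** 2 for p, l in zip(points, labels))
    return labels, centers, inertia


def label_clusters(labels, k, max_attack_fraction=0.3):
    """Unsupervised labelling rule: attacks are assumed rare, so every cluster
    holding less than max_attack_fraction of all records is called 'attack'."""
    n = len(labels)
    return {j: "attack" if labels.count(j) / n < max_attack_fraction else "normal"
            for j in range(k)}


def evaluate(predicted, truth):
    tp = sum(p == "attack" and t == "attack" for p, t in zip(predicted, truth))
    fp = sum(p == "attack" and t == "normal" for p, t in zip(predicted, truth))
    return {"detection_rate": tp / truth.count("attack"),
            "false_positive_rate": fp / truth.count("normal")}


def run(init_centers):
    """Cluster RECORDS from the given initial centers and score the result against TRUTH."""
    labels, _centers, inertia = kmeans(RECORDS, init_centers)
    verdict = label_clusters(labels, len(init_centers))
    predicted = [verdict[l] for l in labels]
    result = evaluate(predicted, TRUTH)
    result["inertia"] = round(inertia, 2)
    result["clusters"] = [sorted(p[0] for p, l in zip(RECORDS, labels) if l == j)
                          for j in range(len(init_centers))]
    return result


if __name__ == "__main__":
    for name, init in (("good init", GOOD_INIT), ("bad init", BAD_INIT)):
        print(name, run(init))
```

With the good initialization the three groups are recovered and the small cluster is exactly the attack traffic (detection rate 1.0, false positive rate 0.0). With the bad initialization the web group is split into two tiny clusters that the size rule mislabels as attacks, while the real attacks sit in the large cluster and are missed (detection rate 0.0, false positive rate 0.5), and the inertia is roughly a hundred times worse. Both the need to choose k up front and this dependence on the starting centers are the inputs the paper's improved algorithm targets.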

252.1 Introduction

As the scale of networks continues to expand and network speeds keep increasing, existing intrusion detection systems miss a growing number of attacks. Most intrusion detection systems use pattern matching, comparing the collected network data against the known attack rules in a database, so they detect known attacks efficiently. Unknown attacks, or variants of known attacks, cannot be detected accurately, so such systems also suffer from a high false positive rate. Improving existing intrusion detection methods, increasing detection speed and lowering the false positive rate have therefore become important development directions for intrusion detection systems. Data mining can discover valid, novel patterns in large volumes of stored data, so it can be applied to network intrusion detection [1].

M. Wei (*) • L. Xia • J. Jin • C. Chen
College of Information Engineering, Hebei United University, 46 West Xinhua Road, Tangshan, China
e-mail: [email protected]; [email protected]; [email protected]; [email protected]

S. Zhong (ed.), Proceedings of the 2012 International Conference on Cybernetics and Informatics, Lecture Notes in Electrical Engineering 163, DOI 10.1007/978-1-4614-3872-4_252, © Springer Science+Business Media New York 2014

252.2 Intrusion Detection

Intrusion detection methods [2, 3] fall mainly into two classes: misuse detection and anomaly detection. Misuse detection matches observed behaviour against patterns of known attack characteristics. It detects known attacks very efficiently, but it cannot detect unknown attacks or variants of known attacks. Anomaly detection is based on statistical analysis of behaviour, and one of its advantages is that it can detect unknown intrusions.
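To make the distinction concrete, the Python below is an added illustration, not code from the paper: a misuse detector built from three constructed regular-expression signatures, and an anomaly detector that scores each request by per-feature z-scores against a baseline of constructed normal HTTP request lines. A known SQL injection string is caught by both detectors; a trivially rewritten variant slips past the signatures but is still flagged by the statistical baseline. All request lines, signatures, features and thresholds are invented for the example.

```python
import re
import statistics

# Constructed normal HTTP request lines used as the anomaly baseline (not real captures).
NORMAL_REQUESTS = [
    "GET /index.html",
    "GET /about.html",
    "GET /products?id=12",
    "GET /products?id=37",
    "GET /images/logo.png",
    "GET /css/site.css",
    "GET /login",
    "POST /login",
]

# Misuse detection: signatures of known attacks (constructed for this example).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sqli-tautology": re.compile(r"'\s*OR\s*1=1", re.IGNORECASE),
    "cmd-shell": re.compile(r"cmd\.exe", re.IGNORECASE),
}

# Shell and SQL metacharacters that rarely appear in benign request lines.
SPECIAL_CHARS = set("'\";\\%<>|$")

# Constructed test inputs.
KNOWN_ATTACK = "GET /products?id=12' OR 1=1--"   # matches the tautology signature
VARIANT = "GET /products?id=12' OR 'a'='a'--"   # same attack, rewritten to evade it
BENIGN = "GET /products?id=55"


def misuse_detect(request):
    """Misuse detection: name of the first matching known-attack signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return name
    return None


def features(request):
    """Behaviour features: request length and count of metacharacters."""
    return (len(request), sum(1 for c in request if c in SPECIAL_CHARS))


class AnomalyDetector:
    """Anomaly detection: per-feature z-scores against a baseline of normal requests."""

    def __init__(self, normal_requests, threshold=3.0, min_stdev=1.0):
        columns = list(zip(*(features(r) for r in normal_requests)))
        self.means = [statistics.mean(col) for col in columns]
        # Floor the spread: a feature that never varied in the baseline would
        # otherwise turn any deviation into an infinite score.
        self.stdevs = [max(statistics.pstdev(col), min_stdev) for col in columns]
        self.threshold = threshold

    def score(self, request):
        """Largest absolute z-score over the features."""
        return max(abs(x - m) / s
                   for x, m, s in zip(features(request), self.means, self.stdevs))

    def is_anomalous(self, request):
        return self.score(request) > self.threshold


DETECTOR = AnomalyDetector(NORMAL_REQUESTS)


def classify(request, detector=DETECTOR):
    """Run both detectors on one request line."""
    return {
        "misuse": misuse_detect(request),
        "anomaly": detector.is_anomalous(request),
        "score": round(detector.score(request), 2),
    }


if __name__ == "__main__":
    for req in (KNOWN_ATTACK, VARIANT, BENIGN):
        print(repr(req), classify(req))
```

The signature rule fires on `' OR 1=1` and nothing else, so `' OR 'a'='a'` is invisible to misuse detection, which is exactly the "variant of a known attack" gap described above. The anomaly detector knows nothing about SQL; it flags the variant only because its length and its five quote characters are far outside the baseline, which is why it generalises to unknown attacks and also why, on real traffic, its false positive rate depends entirely on how representative the baseline is.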

252.3 Intrusion Detection Model Based on Clustering Analysis

The major disadvantage of existing data-mining-based network intrusion detection systems is their low mining speed and accuracy. In order to overcome these