Research of Intrusion Detection Based on Mixed Clustering Algorithm
School: Xi'an University of Science and Technology
Course: Applied Computer Technology
Keywords: Intrusion detection; Cluster analysis; Dissimilarity matrix; Rough set; Genetic algorithm
With the development of network technology and the growing use of networks, the number of attacks is increasing. Network security problems are increasingly prominent, and finding intrusion activity quickly and efficiently has become important to the security of systems and network resources. Intrusion detection is a newer kind of security protection technology that follows traditional protection methods such as firewalls and data encryption. Intrusion detection data samples are large in quantity, have many feature attributes of various types, and the different types differ in sample size distribution. As a result, detection rates are low, algorithms have high time complexity, and unknown attacks may not be detected at all. We therefore apply the feature extraction and feature selection methods of rough sets and pattern recognition to feature selection for network intrusion detection, and introduce a clustering method and a genetic algorithm for network intrusion detection.

First, we apply feature extraction based on rough set theory to the experimental data set. Second, because traditional clustering algorithms cannot deal directly with discrete data, we use a mixed-data dissimilarity algorithm and combine it with the k-medoids algorithm, so that the clustering algorithm can handle a mixed data set containing both continuous and discrete data. Last, with the traditional k-medoids clustering algorithm it is difficult to determine the number of clusters, and the algorithm is sensitive to initial values and easily falls into a local optimum. We therefore present an unsupervised clustering algorithm that combines a genetic algorithm with the k-medoids clustering algorithm. These methods effectively address the defects of the traditional k-medoids algorithm, and the algorithm can distinguish new attacks from already existing attacks.

Experiments on the KDD Cup 99 data set show that the improved algorithm is correct and effective. The introduction of the rough set method improves the efficiency of the intrusion detection algorithm, the application of the dissimilarity matrix expands its adaptability, and combining the genetic algorithm with the k-medoids clustering algorithm makes its accuracy more stable. These advantages allow the intrusion detection algorithm to adapt to the requirements of the network security situation.
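The second step above (a dissimilarity matrix over mixed continuous and discrete attributes, fed to k-medoids) can be sketched as follows. This is an added example, not code from the thesis: the Gower-style per-attribute measure is an assumption because the abstract does not give the formula, the records are constructed with KDD Cup 99-style fields, and a fixed k with farthest-first seeding stands in for the genetic-algorithm search.

```python
# Added illustration (not the thesis's code): Gower-style mixed dissimilarity
# plus k-medoids over the precomputed matrix. The measure is an assumption.

# Constructed records: (duration, src_bytes, protocol_type, service, flag)
RECORDS = [
    (0, 215, "tcp", "http", "SF"),
    (0, 230, "tcp", "http", "SF"),
    (1, 310, "tcp", "http", "SF"),
    (0, 0, "tcp", "private", "S0"),
    (0, 0, "tcp", "private", "S0"),
    (0, 0, "tcp", "private", "REJ"),
    (0, 1032, "icmp", "ecr_i", "SF"),
    (0, 1032, "icmp", "ecr_i", "SF"),
]
CONTINUOUS = (0, 1)   # column indexes of numeric attributes
DISCRETE = (2, 3, 4)  # column indexes of symbolic attributes

def dissimilarity_matrix(records):
    """Mean of per-attribute distances: range-scaled |a-b| or 0/1 mismatch."""
    ranges = {c: (max(r[c] for r in records) - min(r[c] for r in records)) or 1
              for c in CONTINUOUS}
    n, width = len(records), len(CONTINUOUS) + len(DISCRETE)
    d = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            total = sum(abs(records[i][c] - records[j][c]) / ranges[c] for c in CONTINUOUS)
            total += sum(records[i][c] != records[j][c] for c in DISCRETE)
            d[i][j] = d[j][i] = total / width
    return d

def assign(d, medoids):
    """Label each record with the index of its nearest medoid."""
    return [min(range(len(medoids)), key=lambda c: d[i][medoids[c]]) for i in range(len(d))]

def k_medoids(d, k, max_iter=100):
    n = len(d)
    medoids = [0]  # deterministic seeding: first record, then farthest-first
    while len(medoids) < k:
        medoids.append(max(range(n), key=lambda i: min(d[i][m] for m in medoids)))
    for _ in range(max_iter):
        labels = assign(d, medoids)
        updated = []
        for c in range(k):
            members = [i for i in range(n) if labels[i] == c] or [medoids[c]]
            # New medoid: the member with the smallest total distance to its cluster.
            updated.append(min(members, key=lambda m: sum(d[m][i] for i in members)))
        if updated == medoids:
            break
        medoids = updated
    return medoids, assign(d, medoids)
```

Because k-medoids only needs pairwise distances and picks actual records as cluster centers, no averaging of symbolic fields such as `service` or `flag` is ever required.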