Abstract

An improved K-means clustering algorithm based on the split-merge method is put forward to remedy two defects of traditional K-means clustering: the determination of the value of K and the selection of the initial cluster centres. First, the concept of the independence degree of data is incorporated into the theory of constructing experimental data subsets, using the independence degree to evaluate the importance of attributes. Next, the database is merged into several classes according to the density of data points, and the minimum spanning tree algorithm is combined with the traditional K-means clustering algorithm to carry out the splitting. Finally, the KDD Cup99 database is used in a simulation experiment on the application of the improved algorithm to intrusion detection. The results indicate that the improved algorithm outperforms the traditional K-means algorithm in detection rate and false alarm rate.

With the spread of computer applications in every field around the world, the Internet has uniquely changed the way people study, work and live. However, as network utilization increases, threats to network security are becoming more and more diversified, and network security has become one of the important issues in the world today. At the same time, static security technology can no longer meet the demands of increasingly serious network security problems, so the Intrusion Detection System (IDS), an active security defense technology that can detect intrusions, has emerged. This study builds on the theory of applying data mining technology to intrusion detection systems. It examines the K-means algorithm, a clustering algorithm from data mining, and combines it with the graph-theoretic clustering algorithm put forward by Zahn (called the minimum spanning tree clustering algorithm) to enhance and improve the traditional K-means algorithm.

Intrusion detection and clustering analysis

Intrusion detection, whether it uses analysis to identify outliers from the group or builds a classifier trained on intrusion events to detect intrusions in unknown data, is a study of anomaly detection based on unsupervised clustering algorithms. Unsupervised clustering is a learning method based on statistical theory; its main characteristic is that it is based on Vapnik's structural risk minimization principle and tries to improve the generalization ability of the learning algorithm. Applied to intrusion detection, an unsupervised clustering algorithm can maintain a high detection rate even when prior knowledge is insufficient, so that the intrusion detection system has good detection performance. Clustering analysis, association rules and sequence pattern analysis together make up the three important approaches to analysis in data mining. A clustering algorithm analyses the characteristics of the training data set and groups similar data into the same class. K-means, a classical clustering algorithm, is applied in intrusion detection in two stages: in the first stage, the training module builds the classifiers; in the second stage, the detection engine uses the classifiers to discriminate each type of behavior.
