Intrusion Detection Alarm Filtering Technology Based on Ant Colony Clustering Algorithm

摘要

Along with the increase of network attacks, network information security has become a globally concerned issue. At present, mainstream intrusion detection systems have the universal problems of massive alarm information and high false alarm rate. Therefore, a data mining technology is proposed in this article in order to reduce the quantity of the false alarms generated by intrusion detection systems and meanwhile improve the detection accuracy, wherein such data mining technology is an unsupervised clustering method based on hybrid ant colony algorithm and can be used to detect intruders' collective behaviors, without the need to know the prior knowledge. Meanwhile, we adopt K-means clustering algorithm to accelerate the convergence rate of the Ant Colony algorithm. Actually, the experimental result shows that the method proposed thereby has higher detection rate but lower false alarm rate.