聚类技术在入侵检测中被广泛研究,但是传统的K⁃means算法对初始值敏感,无法取得理想的效果;层次聚类算法时间复杂度高,性能较差。针对这些问题,设计了一种改进的K⁃means算法:算法优化孤立点和噪声处理能力,根据有效性指标获得最优K值,在此基础上,动态选取初始聚类中心进行聚类,可以取得较好的聚类效果。采用数据集KDD Cup99将改进的算法应用于入侵检测,进行仿真实验。实验结果表明,改进的算法有效地提高了检测率和降低了误检率,与现有算法相比具有一定的优势。%Clustering technique has been extensive researched in intrusion detection, but the traditional k⁃means algorithm is sensitive to initial values,unable to obtain the ideal effect. Hierarchical clustering algorithm time complexity is high and poor performance. To solve these problems,an improved K⁃means algorithm is presented in this paper. Outlier and noise pro⁃cessing capacity are optimized. The initial clustering center are selected dynamically, according to optimal K values which is obtained by the effectiveness indicator. The KDD Cup99 datasets is applied to conduct simulation experiment on the applica⁃tion of the improved algorithm in intrusion detection. The experiments show that the detection rate is improved effectively and the false positive rate is reduced. The improved algorithm than the existing algorithm has certain advantages.
展开▼
