Design of an Intrusion Detection System Based on an Improved K-Means Algorithm

Journal: 计算机技术与发展 (Computer Technology and Development)

Abstract

A traditional intrusion detection system (IDS) detects intrusions by matching network packets against its rule base one by one. When the volume of network data grows sharply, detection efficiency drops significantly, and the system may even be unable to detect intrusions in real time. Data mining is a technology for discovering valuable information in massive amounts of data; embedding data mining technology in an intrusion detection system greatly improves the system's detection efficiency and intelligence. This paper studies the difficulties of applying the K-means clustering algorithm from data mining to intrusion detection. The K-means algorithm has several shortcomings: it is easily affected by the initial K value and by outliers, the K value is difficult to determine, and it depends heavily on the initial centroids. To overcome these shortcomings, an improved K-means clustering algorithm is proposed, and an intrusion detection system based on it is designed and tested experimentally. The results show that applying the improved clustering algorithm to intrusion detection significantly improves anomaly detection efficiency, adaptively builds the abnormal pattern database for intrusion detection, effectively guards against unknown intrusion attacks, and further reduces the false detection rate.
