Intrusion detection algorithm based on density, cluster centers, and nearest neighbors

摘要

Intrusion detection aims to detect intrusion behavior and serves as a complement to firewalls. It can detect attack types of malicious network communications and computer usage that cannot be detected by idiomatic firewalls. Many intrusion detection methods are processed through machine learning. Previous literature has shown that the performance of an intrusion detection method based on hybrid learning or integration approach is superior to that of single learning technology. However, almost no studies focus on how additional representative and concise features can be extracted to process effective intrusion detection among massive and complicated data. In this paper, a new hybrid learning method is proposed on the basis of features such as density, cluster centers, and nearest neighbors (DCNN). In this algorithm, data is represented by the local density of each sample point and the sum of distances from each sample point to cluster centers and to its nearest neighbor. k-NN classifier is adopted to classify the new feature vectors. Our experiment shows that DCNN, which combines K-means, clustering-based density, and k-NN classifier, is effective in intrusion detection.