Today, with the rapid development of the Internet, traditional firewalls, access control and other protection measures can no longer meet the growing demand for network security. Intrusion detection, which has an active defense function, can make up for the shortcomings of traditional security means and enhance the security of network systems, so it is increasingly valued by researchers. The means of network attack are changing rapidly, which leaves traditional intrusion detection methods, which construct an attack pattern base by statistical model or algorithm, helpless against unknown types of intrusion. In addition, how to quickly and effectively discover intrusion behavior in massive network traffic and log audit information is also a hot spot in today's intrusion detection research. In view of the above problems, this paper introduces improved clustering and outlier mining algorithms into intrusion detection. The specific work is as follows:

(1) Intrusion detection technology is studied in depth, with a detailed introduction to the definition, mode and classification of intrusion detection. By analyzing the research status at home and abroad, and combining the problems faced by today's network security, the practical significance of intrusion detection research is pointed out.

(2) The clustering algorithm is studied in detail, and its definition and classification are introduced. In light of the rapid increase of network traffic data and the low efficiency of traditional clustering algorithms, MFCBR, an improved clustering algorithm, is proposed and applied to intrusion detection.

(3) The outlier mining algorithm is studied in depth, detailing its definition and classification. In light of the problem that traditional intrusion detection methods cannot detect intrusion behavior of unknown type, LOGD, a local outlier mining algorithm based on grid query, is proposed and applied to intrusion detection.

(4) The standard experimental data set KDD CUP 99 is briefly introduced and preprocessed. In the experiment, the training set and the test set are obtained by sampling, the detected abnormal data is marked, and the detection results of different algorithms are compared by accuracy and error detection rate to verify the validity of the algorithm. In addition, synthetic data sets are introduced, and the test results of different algorithms are presented by constructing test result images.

Experimental results show that the proposed algorithm has higher detection accuracy on the KDD CUP 99 data sets and the synthetic data sets, which also shows that the proposed algorithm has good universality and a certain theoretical and practical value.

The innovation of this paper lies in the following two aspects:

(1) An improved clustering algorithm, MFCBR, is proposed. The clustering algorithm uses the grid density difference to merge grids, and then uses the distance relationship between grid centroid and center to process the noise data of the boundary grid. Clustering accuracy.

(2) LOGD, a local outlier mining algorithm based on grid query, is proposed. The algorithm assigns the detected data to the divided grid. When the k neighbors of a data point need to be calculated, they can be searched from the grid of the data point or its nearest neighbor grids, which greatly reduces the amount of distance calculation for the algorithm's k nearest neighbors and speeds up the detection.
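The grid-query idea in innovation (2), sketched as an added example that is not the thesis's LOGD code: points are bucketed into cells and the k nearest neighbours are searched outward from the point's own cell, stopping once no unvisited cell can hold a closer point. The mean k-NN distance used as the outlier score, the cell size and the sample points are assumptions made for illustration.

```python
import math
from collections import defaultdict
from itertools import product

def build_grid(points, cell):
    """Map each grid cell (ix, iy) to the indices of the points inside it."""
    grid = defaultdict(list)
    for i, (x, y) in enumerate(points):
        grid[(math.floor(x / cell), math.floor(y / cell))].append(i)
    return grid

def grid_knn(points, grid, cell, i, k):
    """Exact k nearest neighbours of points[i], searching outward ring by ring."""
    if k >= len(points):
        raise ValueError("k must be smaller than the number of points")
    x, y = points[i]
    cx, cy = math.floor(x / cell), math.floor(y / cell)
    found, r = [], 0
    while True:
        # Visit only the cells on the border of the (2r+1) x (2r+1) block.
        for dx, dy in product(range(-r, r + 1), repeat=2):
            if max(abs(dx), abs(dy)) != r:
                continue
            for j in grid.get((cx + dx, cy + dy), ()):
                if j != i:
                    found.append((math.dist(points[i], points[j]), j))
        found.sort()
        # Every unvisited point is farther than r * cell, so the result is
        # final once the k-th candidate lies within that radius.
        if len(found) >= k and found[k - 1][0] <= r * cell:
            return found[:k]
        r += 1

def outlier_scores(points, cell, k):
    """Mean distance to the k nearest neighbours; larger means more isolated."""
    grid = build_grid(points, cell)
    return [sum(d for d, _ in grid_knn(points, grid, cell, i, k)) / k
            for i in range(len(points))]

def brute_knn(points, i, k):
    """Reference search over all points, used to check the grid lookup."""
    return sorted((math.dist(points[i], p), j)
                  for j, p in enumerate(points) if j != i)[:k]

# Constructed sample: two dense clusters of "normal" records and one stray point.
SAMPLE = ([(1 + 0.1 * a, 1 + 0.1 * b) for a in range(5) for b in range(5)]
          + [(6 + 0.1 * a, 6 + 0.1 * b) for a in range(5) for b in range(5)]
          + [(3.5, 9.0)])
```

For points inside a dense cluster the search ends after the point's own cell and its immediate neighbours, which is where the saving over a full scan comes from; only isolated points force a wider search.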