A Study on the Combination of K-means and Differential Evolution for Intrusion Detection

Master's === Tatung University === Department of Computer Science and Engineering === 97 === Network-based intrusion detection systems, which examine network packets to find possible intrusion events, have been gaining popularity in recent years. This mechanism can keep the system hidden from the intruder. When incorporated with other n...


Bibliographic Details
Main Authors: Yi-Chen Pan, 潘宜蓁
Other Authors: Prof. Tsang-Long Pao
Format: Others
Language: zh-TW
Published: 2009
Online Access: http://ndltd.ncl.edu.tw/handle/43394983331627791312
id ndltd-TW-097TTU05392045
record_format oai_dc
spelling ndltd-TW-097TTU05392045 2016-05-02T04:11:11Z http://ndltd.ncl.edu.tw/handle/43394983331627791312 A Study on the Combination of K-means and Differential Evolution for Intrusion Detection 結合K-means及差分演化法之入侵偵測研究 Yi-Chen Pan 潘宜蓁 Master's Tatung University Department of Computer Science and Engineering 97 Prof. Tsang-Long Pao 包蒼龍 2009 thesis 58 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === Tatung University === Department of Computer Science and Engineering === 97 === Network-based intrusion detection systems, which examine network packets to find possible intrusion events, have been gaining popularity in recent years. This mechanism can keep the system hidden from the intruder. When incorporated with other network devices such as routers or layer 2 switches, it is possible to establish a real-time intrusion protection system to protect user devices or servers. However, one of the most serious problems of this mechanism is its low detection rate, which may generate a huge number of warning messages. The resulting event reports are hard for the administrator to handle, and the system may become useless if the administrator completely ignores the warning messages. In this study, we propose a clustering algorithm to improve the detection rate of the network-based intrusion detection system. We first use the K-means algorithm to find near-optimal cluster centers and then use the differential evolution algorithm to find the optimal centers and the most appropriate number of clusters. In the detection phase, we use the distance between the input sample and the cluster centers to assign the sample to the closest cluster and determine whether it is normal or not. The KDD CUP 99 data set is used to evaluate detection performance. The experimental results reveal that the proposed algorithm can provide a better detection rate than the K-means algorithm alone while reducing the time complexity of using differential evolution alone.
author2 Prof. Tsang-Long Pao
author Yi-Chen Pan
潘宜蓁
title A Study on the Combination of K-means and Differential Evolution for Intrusion Detection