Mixed Intrusion Detection Algorithm Based on k-means and Decision Tree

doi:10.3969/j.issn.1006-2475.2017.12.003

Abstract

Abstract: With the growth of the network complexity, the traditional intrusion detection methods have been unable to meet the high-level security requirements. How to use data mining algorithm to improve accuracy rate of intrusion detection is a hot spot in current research. For this purpose, a hybrid intrusion detection algorithm based on k-means and decision tree algorithm (KDI) is proposed. Firstly, an improvement on data discretization method is advanced, in order to obtain high quality sample data, and then the k-mean algorithm is utilized to classify the sample data based on the feature of slight difference between information divergence ratio in many real situations, subsequently, the decision trees is constructed, therefore, the detection rate is enhanced. The experimental results show that the KDI algorithm can effectively detect both known and unknown intrusion behaviors sealed in network data.

Key words: k-means, decision tree, intrusion detection, data discretization

CLC Number:

TP391.4

LI Peng， ZHOU Wen-huan. Mixed Intrusion Detection Algorithm Based on k-means and Decision Tree[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2017.12.003.

References

［1］蒋建春,马恒太,任党恩,等. 网络安全入侵检测: 研究综述［J］. 软件学报, 2000,11(11):1460-1466. ［2］卿斯汉,蒋建春,马恒太,等. 入侵检测技术研究综述［J］. 通信学报, 2004,25(7):19-29. ［3］李云婷,夏仲平,熊婧. 入侵检测系统的多层次混合评价方法研究［J］. 计算机科学, 2015,42(s1)：425-428. ［4］华铭轩,张峰军. 大数据环境下的入侵检测系统框架［J］. 通信技术, 2015,48(11):1300-1304. ［5］夏秦,王志文,卢柯. 入侵检测系统利用信息熵检测网络攻击的方法［J］. 西安交通大学学报, 2013,47(2):14-19. ［6］龚良强,殷小虹. 基于协议分析的入侵检测系统的设计［J］. 信息通信, 2014(6):90. ［7］马志远,曹宝香. 改进的决策树算法在入侵检测中的应用［J］. 计算机技术与发展, 2014,24(1):151-154. ［8］膝少华，严远驰，刘冬宁，等. 基于FCM-C4.5的双过滤入侵检测机制［J］. 计算机应用与软件， 2016,33(1):307-311. ［9］Pfahringer B. Winning the KDD99 classification cup: Bagged boosting［J］. ACM SIGKDD Explorations Newsletter, 2000,1(2):65-66. ［10］占善华,张巍,滕少华. 基于核表示的协同入侵检测方法［J］. 计算机工程与设计, 2013,34(7):2310-2314. ［11］周静,赵鲁阳,罗炬锋. 基于时域特征提取的围栏入侵模式分类方法［J］. 计算机工程与应用, 2016(12):1-8. ［12］任晓芳,赵德群,秦健勇. 基于随机森林和加权K均值聚类的网络入侵检测系统［J］. 微型电脑应用, 2016,32(7):21-24. ［13］Zhang Jiong, Zulkernine M. Anomaly based network intrusion detection with unsupervised outlier detection［C］// 2006 IEEE International Conference on Communications. 2006:2388-2393. ［14］Pan Zhi-song, Chen Song-can, Hu Gen-bao, et al. Hybrid neural network and C4.5 for misuse detection［C］// Proceedings of the 2nd IEEE International Conference on Machine Learning and Cybernetics. 2003:2463-2467. ［15］Peddabachigari S, Abraham A, Grosan C, et al. Modeling intrusion detection system using hybrid intelligent systems［J］. Journal of Network and Computer Applications, 2007,30(1):114-132. ［16］Xiang C, Yong P C, Meng L S. Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees［J］. Pattern Recognition Letters, 2008,29(7):918-924. ［17］贺跃,郑建军,朱蕾. 一种基于熵的连续属性离散化算法［J］. 计算机应用, 2005,25(3):637-638. ［18］Fayyad U M, Irani K B. On the handling of continuous-valued attributes in decision tree generation［J］. Machine Learning, 1992,8(1):87-102. ［19］陈臣，周炎涛. 基于改进信息熵离散化算法的研究［DB/OL］. http://www.paper.edu.cn, 2011-06-11.

[1]	HAN Xue. Multi Path Planning Based on Constrained Clustering and Particle Swarm Optimization [J]. Computer and Modernization, 2023, 0(08): 7-11.
[2]	WANG Yi-cheng, ZHANG Guo-liang, ZHANG Zi-jie, . Small Object Detection Method Based on Improved YOLOv5 [J]. Computer and Modernization, 2023, 0(05): 100-105.
[3]	PAN Yu-qing, ZHANG Su-ning, FENG Ren-jun, JING Dong-sheng. Intrusion Detection Method Based on Particle Swarm Optimization Combined with LightGBM [J]. Computer and Modernization, 2023, 0(04): 123-126.
[4]	ZHANG Zi-sen, XU Xiao-zhong. Load Forecasting Based on Decomposition and Multi-component Ensemble Learning [J]. Computer and Modernization, 2023, 0(03): 96-101.
[5]	ZHANG Zi-xuan, SHA Xiu-yan, XIAO Fei, SU Bao-chan, SUI Yu-lu, MENG Zi-chen. Research and Application of Hesitant Fuzzy Canopy-K-means Clustering Algorithm [J]. Computer and Modernization, 2022, 0(11): 17-21.
[6]	PENG Lu-lu, ZHU Yuan-yuan, JIN Wen-qian, WANG Xiao-mei. Surface Defect Detection of Automotive Steel Parts Based on Improved YOLOv4 [J]. Computer and Modernization, 2022, 0(09): 32-39.
[7]	SHEN Zhi, XU Li, FU Xiang-yuan. Traffic Sign Detection in Blurred Light Scenes Based on Improved YOLO v4 [J]. Computer and Modernization, 2022, 0(07): 27-32.
[8]	RAO Hai-bing, ZHU Su-lei, YANG Chun-xia. Network Intrusion Detection Model Based on Space-time Feature Fusion and Attention Mechanism [J]. Computer and Modernization, 2022, 0(06): 116-121.
[9]	. Multi-view Point Cloud Registration Technology Based on K-means++ [J]. Computer and Modernization, 2022, 0(02): 97-101.
[10]	JIN Xin, ZENG Si-ke, LIU Yang, WU Chu-han. Mask Wearing Detection Algorithm Based on Improved YOLOv4 [J]. Computer and Modernization, 2022, 0(01): 85-90.
[11]	WU Shui-ming, JI Zhi-yuan, WANG Zhen-yu, JING Dong-sheng. Power Information Network Intrusion Detection Algorithm Based on Dueling-DDQN [J]. Computer and Modernization, 2021, 0(12): 43-47.
[12]	ZHUANG Li-li, SHI Hong-yan. Outlier Detection Based on Improved Cuckoo Search k-means Algorithm [J]. Computer and Modernization, 2021, 0(10): 15-22.
[13]	ZHAO Yu-rong, GUO Hui-ming, JIAO Han, ZHANG Jun-wei. Application of YOLOv4 with Mixed-domain Attention in Ship Detection [J]. Computer and Modernization, 2021, 0(09): 75-82.
[14]	DENG Bin-tao, XU Sheng-chao. A Differential Evolution K-mediods Clustering Algorithm Based on Dynamic Gemini Population [J]. Computer and Modernization, 2021, 0(07): 54-59.
[15]	LI Long, ZHANG Chong-yang. Vehicle Taillight Detection Method Based on Improved YOLOv3 [J]. Computer and Modernization, 2021, 0(07): 89-94.