Computer Science ›› 2016, Vol. 43 ›› Issue (3): 158-162. doi: 10.11896/j.issn.1002-137X.2016.03.030


Hybrid Kmeans with KNN for Network Intrusion Detection Algorithm

HUA Hui-you, CHEN Qi-mai, LIU Hai, ZHANG Yang and YUAN Pei-quan   

  • Online: 2018-12-01 Published: 2018-12-01

Abstract: Network intrusion detection algorithms are one of the hot and difficult topics in network security research. At present, many algorithms such as KNN and TCMKNN, which process relatively small data samples, are still very time-consuming when processing large-scale data sets. Therefore, this paper puts forward a hybrid algorithm (Cluster-KNN) that is adapted to large-scale data sets. The algorithm is divided into an offline data preprocessing phase (data indexing) and an online real-time classification phase. The offline phase establishes a cluster index for the large data set. The online phase then uses the index to search for neighbors and finally outputs the result using the KNN algorithm. The experimental results show that, compared with the traditional KNN algorithm, the Cluster-KNN algorithm has high time efficiency in the classification phase, and that it also has considerable advantages over intrusion detection methods in the same field in accuracy rate, false positive rate, false negative rate and other aspects. Cluster-KNN can clearly distinguish abnormal from normal scenes and has a high online classification speed, so it is more suitable for real network application environments.

Key words: Network intrusion detection, Kmeans, KNN, KDDCUP99
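The two phases described in the abstract, as an added sketch that is not the paper's own code: K-means builds the cluster index offline, and the online step runs KNN only over the members of the nearest cluster(s). Euclidean distance, majority voting, the `probes` parameter, the widening fallback when a cluster holds fewer than `k` records, and the sample data are all assumptions made here.

```python
import math
import random
from collections import Counter

def assign(points, labels, centroids):
    """Group (point, label) pairs under their nearest centroid."""
    buckets = [[] for _ in centroids]
    for p, y in zip(points, labels):
        i = min(range(len(centroids)), key=lambda c: math.dist(p, centroids[c]))
        buckets[i].append((p, y))
    return buckets

def build_index(points, labels, n_clusters, iters=20, seed=0):
    """Offline phase: plain K-means; the index is (centroids, members per cluster)."""
    centroids = random.Random(seed).sample(points, n_clusters)
    for _ in range(iters):
        buckets = assign(points, labels, centroids)
        centroids = [
            tuple(sum(axis) / len(b) for axis in zip(*(p for p, _ in b))) if b else old
            for b, old in zip(buckets, centroids)  # an empty cluster keeps its centroid
        ]
    return centroids, assign(points, labels, centroids)

def classify(index, query, k=3, probes=1):
    """Online phase: KNN vote over members of the nearest cluster(s) only.
    Returns (label, number of training records actually compared)."""
    centroids, buckets = index
    order = sorted(range(len(centroids)), key=lambda c: math.dist(query, centroids[c]))
    used, candidates = 0, []
    # Probe the nearest clusters; widen if they hold fewer than k records.
    while used < len(order) and (used < probes or len(candidates) < k):
        candidates += buckets[order[used]]
        used += 1
    nearest = sorted(candidates, key=lambda m: math.dist(query, m[0]))[:k]
    label = Counter(y for _, y in nearest).most_common(1)[0][0]
    return label, len(candidates)

def make_sample(seed=1):
    """Constructed data: two scaled features, four tight blobs of 50 records."""
    rng = random.Random(seed)
    blobs = [((0.1, 0.1), "normal"), ((0.2, 0.8), "normal"),
             ((0.9, 0.9), "attack"), ((0.8, 0.2), "attack")]
    pts, labs = [], []
    for (cx, cy), label in blobs:
        for _ in range(50):
            pts.append((rng.gauss(cx, 0.03), rng.gauss(cy, 0.03)))
            labs.append(label)
    return pts, labs
```

The second value returned by `classify` is the number of training records compared against the query, which is where the online time saving over a full KNN scan comes from.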

