Title :
Using a Dynamic K-means Algorithm to Detect Anomaly Activities
Author_Institution :
Sch. of Sci., Beijing Inf. Sci. & Technol. Univ., Beijing, China
Abstract :
An intrusion detection system (IDS) is an active and driving defense technology. This paper focuses on intrusion detection based on clustering analysis, with the aim of improving the detection rate and decreasing the false alarm rate. A modified dynamic K-means algorithm, called MDKM, is proposed to detect anomalous activities, and corresponding simulation experiments are presented. First, the MDKM algorithm filters noise and isolated points from the data set. Second, by calculating the distances between all sample data points, we obtain the high-density parameters and cluster-partition parameters; using a dynamic iterative process, we then obtain the k cluster centers accurately. An anomaly detection model is then presented. The KDD CUP 1999 data set was used to test the performance of the model. The results show that the system has a higher detection rate and a lower false alarm rate, achieving the expected aim.
Keywords :
pattern clustering; security of data; IDS; KDD CUP 1999 data set; MDKM; anomaly activity detection; anomaly detection model; cluster-partition parameters; clustering analysis; defense technology; dynamic iterative process; false alarm rate; high-density parameters; intrusion detection system; modified dynamic K-means algorithm; sample data points; Algorithm design and analysis; Clustering algorithms; Data models; Heuristic algorithms; Intrusion detection; Merging; Noise; Anomaly Detection; Clustering Analysis; Density; Dynamic; Intrusion Detection; K-means;
Conference_Title :
Computational Intelligence and Security (CIS), 2011 Seventh International Conference on
Conference_Location :
Hainan
Print_ISBN :
978-1-4577-2008-6
DOI :
10.1109/CIS.2011.233