A Network Intrusion Detection Method based on K-Means

Abstract:
With the continuous development of computer technology and the expansion of network scale, intrusion has become more and more serious threats to the security of computer systems and networks. An intrusion is an unauthorized and deliberate attempt to access information, tamper with it, and make the system unreliable or unusable. For illegal intrusion behavior, we propose an unsupervised anomaly detection method, which combines clustering analysis method with intrusion detection technology, and uses K-Means algorithm to cluster unlabeled data, so as to provide as pure normal behavior data as possible for establishing normal behavior model. In the process of modeling, a new normal behavior modeling algorithm based on hyperrectangle is proposed, which is helpful to detect intrusion behaviors quickly and accurately. Experiments on KDDcup99 dataset show that this method can effectively detect intrusion behaviors in network data, with high detection rate and low false detection rate.