Anomaly detection is a vital component of an intrusion detection system. Anomaly detection approaches can be classified into semi-supervised and unsupervised anomaly detection. Unsupervised anomaly detection techniques are the main approaches that establish a profile of normal behavior from unlabeled training data that consists of both normal and anomalous samples. This paper uses the unsupervised K-MEANS algorithm to model and detect anomalous activities. The aim is to improve the detection rate and decrease the false alarm rate. A K-MEANS algorithm based on information entropy (KMIE) is proposed to detect anomalous activities. KMIE filters the outliers in the dataset to reduce their negative impact, and identifies the initial cluster centers using an entropy method. KMIE then uses these centers to iteratively calculate the clusters and classify records into them. This paper uses the KDD CUP 1999 dataset to test the performance of the KMIE algorithm. The results show that our method has a higher detection rate and a lower false alarm rate, achieving the expected aim.