A Parallel Clustering Ensemble Algorithm for Intrusion Detection System

Clustering analysis is a common unsupervised anomaly detection method and is often used in Intrusion Detection Systems (IDS), which are an important component of network security. A single clustering algorithm struggles to achieve effective detection, so a new clustering algorithm based on evidence accumulation was developed. An IDS built on a clustering ensemble has a low false positive rate and a high detection rate; however, it is slow on massive data streams and cannot detect attacks in time. This paper presents a parallel clustering ensemble algorithm to improve the speed and effectiveness of the system. Finally, tests on the KDDCUP99 data set show that the IDS is greatly improved in time and efficiency.
