Intrusion Detection Alarm Filtering Technology Based on Ant Colony Clustering Algorithm

With the growth in network attacks, network information security has become a global concern. Mainstream intrusion detection systems commonly suffer from massive volumes of alarm information and a high false alarm rate. This article therefore proposes a data mining technique to reduce the number of false alarms generated by intrusion detection systems while improving detection accuracy. The technique is an unsupervised clustering method based on a hybrid ant colony algorithm; it can detect intruders' collective behaviors without requiring prior knowledge. We also adopt the K-means clustering algorithm to accelerate the convergence of the ant colony algorithm. The experimental results show that the proposed method achieves a higher detection rate and a lower false alarm rate.
