Hezhou University, School of Mathematics and Computer Hezhou Guangxi 542899, China

---

Abstract—In order to solve the problem of network intrusion detection, traditional k-means algorithm in the process of network intrusion detection application, there are some shortcomings, such as sensitivity to the initial value of clustering center, easy to fall into local optimal value, pre-set number of clusters k value, easy to be affected by noise and isolated points, not suitable for the discovery of non-spherical clusters or clusters of large size difference, etc. so that the network intrusion detection accuracy rate is low, high false detection rate. Aiming at the influence of isolated points on the clustering center of k-means algorithm, this paper firstly optimizes the data set itself, removes isolated points, and makes the data set as spherical as possible. For the selection of the initial clustering location, the maximum similarity distance within the class and the minimum similarity distance between classes are used to dynamically generate new classes, and then the data sets are merged into several classes according to the point density, and the unreasonable clusters are split by combining the minimum support tree clustering algorithm, so that the performance of the intrusion detection system is effectively improved. simulation results show that the improved k-means clustering algorithm is used in the network intrusion detection system to improve the detection rate of anomaly detection, reduce the false detection rate, and provide an effective reference for network detection optimization.

Index Terms—Intrusion detection; clustering analysis; k-means algorithm; minimum support tree.

[PDF]

Cite: Fengling Wang, "Research on Application of Improved K-means Algorithm in Network Intrusion Detection," Journal of Software vol. 13, no. 3, pp. 192-200, 2018.