Jiang Wei,Min Yao,Jun Yan

DOI: https://doi.org/10.1109/ISISE.2008.17

2008-01-01

Abstract:Clustering is one of the important means of Intrusion detection. In order to overcome the disadvantages of fuzzy C-means algorithm, this paper presents a kind of improved fuzzy C-means algorithm (IFCM for short). IFCM algorithm reduces the infection of isolated point by means of weighting the degree of membership for objects to be clustered, and avoids the subjectivity in choosing the number of clustering by introducing the function of validity. Then, IFCM algorithm is used to intrusion detection, and satisfactory experiment effects are obtained. © 2008 IEEE.

徐磊,赵光宙

DOI: https://doi.org/10.3321/j.issn:1001-0920.2008.09.013

2008-01-01

Abstract:By replacing the distance rule with fuzzy factors,an SVM featured fuzzy membership function of training points is introduced to work on the error coefficient.By punishing the weight of the remote points,the clustering center is prevented from being attracted by the abnormal data edge,thus the robustness against the remote points is improved without extra complex searching of parameters.Computer simulations show that,under the same initial conditions,the improved algorithm works more efficiently than the original one on irregularly distributed data.

Xinyu Li

2011-01-01

Abstract:A distance measurement method based on weighted features of heterogeneous data which is designed to response for network intrusion detection traffic data samples heterogeneity of Characteristics properties and differences of contribution rates between properties has been put forward in this paper.For the Fuzzy C-means clustering algorithm for network intrusion detection problem is difficult to determine the number of clustering,this paper proposes the unsupervised fuzzy clustering algorithm for intrusion detection that automatically determine the optimal clustering number.These results of simulations run on the KDDcup1999 data sets show that the algorithm has efficient performance in clustering number optimization and effectively increases the detection degree of clustering intrusion detection.

Zhouzhou Liu,Wei,Hao Wang,Yangmei Zhang,Qianyun Zhang,Shining Li

DOI: https://doi.org/10.1109/access.2018.2879891

IF: 3.9

2018-01-01

IEEE Access

Abstract:Aiming at large-scale, high dimensional data, and variable intrusion behavior in wireless sensor networks (WSNs), an intrusion detection algorithm based on parallel intelligent optimization feature extraction and distributed fuzzy clustering for WSNs is proposed. First, in order to effectively reduce the data dimensionality and improve the robustness of the feature extraction process, the parallel intelligent optimization feature extraction framework is constructed on the basis of defining the optimal feature evaluation index, for which the theoretical analysis shows that the index can eliminate feature redundancy and maintain the diversity of original data. Second, the spider cluster optimization algorithm evolution rule is redefined by introducing local search and adaptive multi strategy update method, and it proves that the improved social spider optimization (ISSO) algorithm has global convergence. The ISSO is used to solve the feature extraction framework, and through the parallel feature subset selection process, the best feature combination is extracted. Finally, WSNs intrusion detection is carried out by using the best feature subset and the distributed fuzzy clustering technology, and intelligent iterative evolution method and adaptive clustering strategy are introduced in order to improve the fuzzy clustering algorithm performance. Experimental results show that the intrusion detection algorithm can effectively give the results of intrusion detection, and moreover, compared with the other detection algorithms, the intrusion detection rate is improved by about 13.1%, and the false detection rate is decreased by about 8.5%.

Y Feng,KG Wu,ZF Wu,J Zhong,H Li

DOI: https://doi.org/10.1142/9789812701534_0110

2005-01-01

Abstract:A clustering algorithm based on swarm intelligence is systematically proposed for anomaly intrusion detection. The basic idea of our approach is to produce the cluster by swarm intelligence-based clustering. Instead of using the linear segmentation function of the CSI model, here we propose to use a nonlinear probability conversion function and can help to solve linearly inseparable problems. With the classified data instances, anomaly data clusters can be easily identified by normal cluster ratio. And then the identified cluster can be used in real data detection. In the traditional clustering-based intrusion detection algorithms, clustering using a simple distance-based metric and detection based on the centers of clusters, which generally degrade detection accuracy and efficiency. Our approach can settle these problems effectively. The experiment result shows that out approach can detect unknown intrusions efficiently in the real network connections.

TANG Deyu,QI Deyu,CAI Xianfa,HU Jinglin

DOI: https://doi.org/10.3778/j.issn.1002-8331.2012.06.002

2012-01-01

Abstract:In view of the problem that FCM(Fuzzy C-Means)cluster algorithm easily traps in a local optimum and strongly depends on the initialization,this paper proposes a point density weighted FCM based on search space smoothing technique to get a global optimum. Input by obtained cluster centers,it implements FCM algorithm again,checking the data point when it’s membership value is smaller than the threshold,and if it is deleted,the objective function value changes obviously,then this data point is an abnormal data point,and the final small cluster should be abnormal data points.The experimental results based on the datum of KDDCUP99(Knowledge Discovery and Data Mining Cup 99)demonstrate that the algorithm possesses higher detection rate and lower misuse detection rate.

Hai-peng CHEN,Xuan-jing SHEN,Jian-wu LONG,Ying-da L(U)

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.03.028

2017-01-01

Abstract:To automatically determine the number of clusters,a new fuzzy clustering algorithm is proposed in this study,which is based on soft partition scheme and integrates many FCM clustering results.In this method,FCM clustering is implemented on data by the cluster number;then the membership information is used to build a cumulative adjacency matrix;finally,the graph cut method is adopted to the cumulative adjacency matrix by iterative manner to obtain clustering results.Simulation experiments show that,compared to the current integrated clustering method,our method can effectively reduce the number of FCM clustering;furthermore,its iterations in the graph cut process is about 1/2 of the existing method.

GUO Ya-zhou,GAO De-yuan,GAO Xiang

DOI: https://doi.org/10.3969/j.issn.1003-1251.2005.04.008

2005-01-01

Abstract:With the rapid development and application of the computer network technique,the intrusion detection technique has become a hotspot of the research in the network security.This paper presents a method for the anomaly detection based on fuzzy clustering,and the method is evaluated by performing experiments over network records from the KDD CUP99 data set.From the experiments,it was found that this method can detect the previously unknown attacks in the real network data effectively.

Weigang Liu

DOI: https://doi.org/10.1155/2022/4927504

2022-06-10

Wireless Communications and Mobile Computing

Abstract:Attacks on network systems are becoming more and more common, the current state of increasingly sophisticated attack methods, the emergence of intrusion prevention technology is the inevitable result of the development of computer technology and network technology, and research on intrusion prevention has become a new focus of network security technology research in recent years. In order to ensure the security of computer network confidential information, the authors propose a semisupervised clustering intrusion detection algorithm. An overview of machine learning, followed by an explanation of the theory of cluster analysis, simulation experiments were carried out using the K -means algorithm and the semisupervised clustering algorithm proposed by the author, for 10,000 records, the K -means clustering algorithm and the semisupervised clustering algorithm described in this paper are used, respectively, and intrusion detection data tests were performed. At the same time, different K values were selected, three datasets were selected from "kddcup.newtestdata_10_percent_corrected," the test data were tested separately, and their average value was taken as the test result. From the simulation results, the detection rate of the semisupervised clustering algorithm is higher than that of the K -means clustering algorithm, and the false alarm rate and K -means algorithms have also been improved. Therefore, the author's semisupervised algorithm enhances the stability of the system, and the performance of the K -means algorithm is improved to a certain extent. When the value of K gradually increases, the false alarm rate also increases; however, when K is 20, the detection rate is maximized, from this, it can be known that when K is 20, its detection rate reaches 91.76%, and the false alarm rate is 8.54%. The detection rate of the author's algorithm is significantly higher than the other two algorithms, the false positive rate is slightly higher than K -means, and the false positive rate is lower than that of the other algorithm, proving the superior performance of our algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chen Hai-peng,Shen Xuan-Jing,Lv Ying-da,Long Jian-Wu

DOI: https://doi.org/10.1016/j.neucom.2016.09.103

IF: 6

2016-01-01

Neurocomputing

Abstract:In the field of data clustering, finding the cluster numbers automatically and generating reliable clusters for a given dataset are fundamental but challenging tasks. Recently, a clustering analysis algorithm for the automatic identification of cluster numbers was presented, and it achieves accurate clustering results for those datasets with complex structures. Unfortunately, this algorithm utilizes a hard partition approach in the process of integration and does not make full use of the membership information from each fuzzy c-means (FCM) clustering result. Thus, this scheme has to integrate many more FCM clustering results and also requires many iterations during the process of iterative graph partitioning. To address this problem, an automatic fuzzy clustering algorithm is proposed in this paper, combining the soft partition method with the membership information from each FCM clustering result. Finally, extensive experiments are performed, and under the premise of obtaining accurate clustering results simultaneously, the proposed algorithm can effectively decrease the number of FCM clustering results in the process of integration compared with the original algorithm. Furthermore, the number of iterations of the proposed scheme in the iterative graph partitioning process is half that of the original approach.

HUANG Kai-feng,WU Qing-tao,ZHENG Rui-juan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2012.11.013

2012-01-01

Abstract:In view of the faults of the traditional fuzzy C-means clustering algorithm in convergence speed and easy fall into local optimum,the improved particle swarm optimization algorithm with cross-operation is used to make up for the deficiency of the fuzzy C-means(FCM)algorithm,thus an optimized fuzzy C-means clustering algorithm is proposed.Simulation experiment results show that the optimized fuzzy C-means(OFCM) algorithm is better than FCM in global searching capability and convergence speed.The method overcome the shortages of FCM,such as poor stability and low intrusion detection precision.The new algorithm has good feasibility and practicality in network security.

zheng hong xiao,zhi gang chen,xiao heng deng

DOI: https://doi.org/10.4028/www.scientific.net/AMM.121-126.3745

2012-01-01

Applied Mechanics and Materials

Abstract:Based on the principle that the same class is adjacent, an anomaly intrusion detection method based on K-means and Support Vector Machine (SVM) is presented. In order to overcome the disadvantage that k-means algorithm requires initializing parameters, this paper proposes an improved K-means algorithm with a strategy of adjustable parameters. According to the location of wireless sensor networks (WSN), we can obtain clustering results by applying improved K-means algorithm to WSN, and then SVM algorithm is applied to different clusters for anomaly intrusion detection. Simulation results show that the proposed method can detect abnormal behaviors efficiently and has high detection rate and low false positive rate than the current typical intrusion detection schemes of WSN.

SHI ZHONG,TAGHI M. KHOSHGOFTAAR,NAEEM SELIYA

DOI: https://doi.org/10.1142/s0218539307002568

2007-04-01

International Journal of Reliability, Quality and Safety Engineering

Abstract:Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.

Guo Pu,Lijuan Wang,Jun Shen,Fang Dong

DOI: https://doi.org/10.26599/tst.2019.9010051

2021-04-01

Abstract:In recent years, machine learning-based cyber intrusion detection methods have gained increasing popularity. The number and complexity of new attacks continue to rise; therefore, effective and intelligent solutions are necessary. Unsupervised machine learning techniques are particularly appealing to intrusion detection systems since they can detect known and unknown types of attacks as well as zero-day attacks. In the current paper, we present an unsupervised anomaly detection method, which combines Sub-Space Clustering (SSC) and One Class Support Vector Machine (OCSVM) to detect attacks without any prior knowledge. The proposed approach is evaluated using the well-known NSL-KDD dataset. The experimental results demonstrate that our method performs better than some of the existing techniques.

computer science, information systems,engineering, electrical & electronic, software engineering

Y Feng,ZF Wu,KG Wu,ZY Xiong,Y Zhou

DOI: https://doi.org/10.1109/icmlc.2005.1527630

2005-01-01

Abstract:An approach to network intrusion detection is investigated, based on swarm intelligence. The basic idea of the method is to produce the cluster by swarm intelligence-based clustering. With the classified data instances, anomaly data clusters can be easily identified by normal cluster ratio. And then the identified cluster can be used in real data detection. In the traditional clustering-based intrusion detection algorithms, clustering using a simple distance-based metric and detection based on the centers of clusters, which generally degrade detection accuracy and efficiency. Our approach based on swarm intelligence can settle these problems effectively. The experiment result shows that our approach can detect unknown intrusions efficiently in the real network connections.

Xu Lei,Guo Yifei,Li Sheng,He Wei,Xie Di

DOI: https://doi.org/10.1109/imccc.2012.118

2012-01-01

Abstract:With the explosion of electronic information on web, the detection and tracing are difficult, there is the increasing requirement to identify the hotspots. The Fuzzy C Means (FCM) fuzzy cluster method can provide clear borderlines among different clusters, but the cluster validity analysis of FCM is devoid. Aim to solve the aforementioned problem, an improved FCM cluster method is proposed. Before the cluster process, a "variety difference-segregation degree" (VDSD) function is adopted to pretreat the vectors which obtained by the TF-IDF method. Taken the data structure of sample space and membership of fuzzy cluster into account, the function can calculate the optimize number of cluster exactly. The simulation results indicate that the improved FCM cluster method is with availability and provide a novel means for the hotspots analysis on web.

Wei Liang,Kuan-Ching Li,Jing Long,Xiaoyan Kui,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tii.2019.2946791

IF: 12.3

2020-03-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial networks are complex and diverse. Among existing intrusion prevention systems available, several of them have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, it is proposed in this article an industrial network intrusion detection algorithm based on multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold, to rapidly select a node with high-security coefficient as the cluster center, and match the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm has good superiority in terms of detection rate and time compared to other algorithms. In the industrial network, the detection accuracy of abnormal data reaches 97.8, and the FP of detection is decreased by 8.8.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Xiaofeng Wang,Gongshen Liu,Jianhua Li

DOI: https://doi.org/10.1109/dsaa.2014.7058116

2014-01-01

Abstract:Detection of community structure in complex networks is a significant aspect in social network analysis. A novel fuzzy clustering method is proposed in this paper, by which the community structure can be divided. In contrast to previous studies, the proposed method processes similarity of connecting vertices with fuzzy relation. In our method, we globally consider the fuzzy relation between vertices and the similarity in network topology to divide vertices into communities. In addition, smaller grained communities can be detected by adjusting fuzzy parameter. In order to avoid subjectivity in the selection of cluster number, a new modularity is introduced to evaluate the effectiveness of the clustering analysis. It's proved by experiments that the method is efficient in detecting both good communities and appropriate number of clusters.

QIU Wang-ren,ZHAN Tang-sen,LIU Xiao-dong

2008-01-01

Abstract:Cluster analysis is an important research topic in data mining (DM), fuzzy cluster analysis is an effective method of clus ter analysis.This paper proposes a novel clustering algorithm after analyzin g the AFS theory and FCM algorithm.The experimenttal results show that i t is not only better than tradition FCM algorithm but also has good practical va lue and can be used into other field easily.

LEI Yaguo,HE Zhengjia,ZI Yanyang,HU Qiao,DING Feng

DOI: https://doi.org/10.3901/jme.2006.12.116

IF: 2.964

2006-01-01

Chinese Journal of Mechanical Engineering

Abstract:Aiming at the fuzzy C-means(FCM)clustering algo- rithm supposing the uniform influence to clustering by different features and samples,and setting the cluster number beforehand, a novel hybrid clustering algorithm based on 3 layer forward neural networks(FNN),an algorithm of distribution density function of data point and the cluster validity index is proposed. Feature weighting and sample weighting are considered in this hybrid clustering algorithm and the cluster number is automati- cally set by using the cluster validity index to finish clustering. Feature weights are adaptively learned via FNN with the gradi- ent descent technique under the unsupervised mode of training, and sample weights are computed through the algorithm of distribution density function of data point.Then,the feature weights and the sample weights are assigned to the correspond- ing features and samples to emphasize the leading effect of sensitive features and typical samples,and weaken the interfer- ence of other features and samples.The proposed algorithm is employed to analyze the benchmark data and the practical data from locomotive bearings,and the results show that the algo- rithm enables to automatically and correctly set cluster number and its clustering performance is better than that of the FCM.