基于BFOA和K-means的复合入侵检测算法

A hybrid intrusion detection system based on BFOA and K-means algorithm

K-means算法对初始聚类中心及簇数K的选择敏感,导致聚类结果不稳定,会对IDS(intrusion detection system,IDS)的检测结果产生重要影响。针对该问题,提出一种基于细菌觅食优化算法(bacterial foraging optimization algorithm,BFOA)和K-means相复合的入侵检测算法(HIDS)。HIDS算法首先基于距离阈值方法动态确定簇数K,再利用BFOA优化生成初始聚类中心,使得选择的初始聚类中心达到全局最优,从而解决了K-means算法的聚类结果不稳定的问题,进而提高入侵检测的准确率。为验证算法的有效性和测试算法性能,将HIDS在KDD99数据集上进行试验测试,入侵检测率可达98.33%。试验结果表明该方法能够有效提高检测率并且降低误检率。

The K-means algorithm was sensitive to the selection of the initial clustering center and the number of clusters K,which led to the instability of the clustering results and would have a significant impact on the detection results of IDS（ instrusion detection system,briefly named as IDS）. To solve this problem,a hybrid intrusion detection algorithm（ HIDS） based on BFOA（ bacterial foraging optimization algorithm） and K-means was proposed. The value of K could be determined dynamically based on the distance threshold method. BFOA could be used to optimize the initial cluster centers,which made the initial clustering centers to be globally optimal. Therefore,the instability of the clustering results of K-means algorithm was solved. The detection rate was 98. 33% by performing an experimental test on the KDD99 dataset. The experimental results showed that the method could effectively improve the detection rate and reduce the false detection rate.