The generalizing ability of current intrusion detection systems is poor because of their less priori knowledge. The clustering algorithm is adopted in the intrusion detection to make the generalizing ability of IDS still well while the priori knowledge is less. The research progress of intrusion detection is recalled and the clustering algorithm is introduced in this paper. A method of the intrusion detection based on the clustering algorithm is presented. Taking KDD99 usually used in intrusion detection data as an example, the opereating process of this model is discussed. The simulation result is analyzed. It is found that the approach can detect unknown intrusions efficiently in the real network connections.%目前的入侵检测系统存在着在先验知识较少的情况下推广能力差的问题.在入侵检测系统中应用聚类算法,使得入侵检测系统在先验知识少的条件下仍具有良好的推广能力.首先介绍入侵检测研究的发展概况和聚类算法;接着提出了基于聚类算法的入侵检测方法;然后以KDD99这类常用的入侵检测数据为例,讨论了该方法的工作过程;最后将计算机仿真结果进行了分析.通过实验和比较发现,基于聚类学习算法的入侵检测系统能够比较有效地检测真实网络数据中的未知入侵行为.
展开▼
