Abstract:

This paper proposes an Anomaly Detection algorithm based on Improved Density Clustering(ADIDC). The improved algorithm adopts clustering features separately on individual characteristic arranges and weighting features by the correlativity between the features and the normal profile. It can solve the frequent problem of the high false positive rate on clustering in the application of anomaly detection. A series of experiments on well known KDD Cup 1999 dataset demonstrates that it has a lower false positive rate, especially ensuring high detection rate with respect to the traditional anomaly detection methods. The detection of the special attack which resembles the normal act is obviously improved. In addtion, the detection performace can be further optimized by feature selection via feature weights. It makes the proposed algorithm more suitable for the realtime detection.

Key words: intrusion detection； anomaly detection； clustering； density clustering； weight feature