Abstract: The improved artificial colony optimization algorithm was used to solve the combinatorial optimization problem of parameters and features in density clustering anomaly intrusion detection. Firstly, the parameters and characteristic values were encoded by the different encoding methods in the initial honey source stage. Secondly, two search strategies were used to search the parameters and characteristic values in the neighborhood search stage. Finally, in order to satisfy the requirement of low false positive rate for anomaly intrusion detection, an influence factor of false positive rate was added into the new fitness function. The experimental results show that the improved algorithm not only improves the accuracy of normal behavior profiles, but also reduces the computational cost and storage space. It can eliminate the noise characteristic interference to some extent and improve the detection performance.

Key words: anomaly intrusion detection, artificial bee colony, density clustering, combinatorial optimization