Computer Engineering and Applications ›› 2006, Vol. 42 ›› Issue (18): 4-8.

• PhD Forum •

A Research on Intrusion Detection based on Unsupervised Clustering and Support Vector Machines


Online: 2006-06-21  Published: 2006-06-21

Chinese title: Research on an Intrusion Detection Method Based on Unsupervised Clustering and Support Vector Machines

Authors: 罗敏, 阴晓光, 张焕国, 王丽娜

Abstract: An intrusion detection algorithm that combines unsupervised clustering (UC) with a support vector machine (SVM) is presented, pairing the speed of UC with the accuracy of SVM. The basic idea is to compare each network packet with the cluster centers and decide from those distances whether the SVM classifier is needed for that packet, so that fewer packets pass through the SVM. This yields a tunable trade-off between detection speed and accuracy. Experiments on the KDD99 data set show that the approach detects intrusions in network connections efficiently.

Key words: intrusion detection, data mining, unsupervised clustering, support vector machines

Abstract (Chinese): A new intrusion detection method that combines unsupervised clustering with support vector machines is proposed. The algorithm has the speed of unsupervised clustering together with the high accuracy of support vector machines. Its basic idea is to determine, by comparing a network packet with the cluster centers, whether further classification by the support vector machine is needed, which reduces the amount of data passed through the support vector machine and reconciles speed with accuracy. The experiments use the KDD99 test data; the results show that the method effectively detects both known and unknown intrusion behavior in network data.

Keywords (Chinese): intrusion detection, data mining, unsupervised clustering, support vector machines
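The two-stage scheme described in both abstracts (a fast clustering stage that decides, from the distance between a connection and the cluster centers, whether the slower SVM must be consulted) is illustrated below in an added Python example. This is not the authors' code, and the page does not give their exact distance rule, so three details are assumptions made here: a connection is accepted by the clustering stage only if it lies within `radius_factor` times the mean member-to-center distance of its nearest cluster; each cluster is given the majority label of the labeled training connections assigned to it, because clustering alone produces no verdict; and the SVM is a primal linear SVM trained by SGD on the hinge loss over the whole labeled training set. The data are constructed four-dimensional vectors standing in for scaled connection features, not KDD99 records. Everything runs on the standard library only.

```python
import math
import random

# Constructed stand-in for scaled connection features (NOT KDD99 records): four
# attributes per connection (think duration, src_bytes, dst_bytes, serror_rate),
# already scaled to [0, 1]. Label 0 = normal, 1 = attack.
NORMAL_MEAN = (0.2, 0.3, 0.3, 0.1)
ATTACK_MEAN = (0.8, 0.7, 0.2, 0.9)

def make_blob(mean, n, sigma, label, rng):
    """n noisy feature vectors around `mean`, each paired with its label."""
    return [(tuple(rng.gauss(m, sigma) for m in mean), label) for _ in range(n)]

def make_dataset(n_per_class=100, seed=7):
    """Labelled training set: two well-separated populations (constructed)."""
    rng = random.Random(seed)
    return (make_blob(NORMAL_MEAN, n_per_class, 0.05, 0, rng)
            + make_blob(ATTACK_MEAN, n_per_class, 0.05, 1, rng))

def make_holdout(seed=11):
    """Held-out set: fresh draws from both populations plus connections on the segment
    between them, which are far from every center and therefore must reach the SVM."""
    rng = random.Random(seed)
    data = make_blob(NORMAL_MEAN, 50, 0.05, 0, rng) + make_blob(ATTACK_MEAN, 50, 0.05, 1, rng)
    for t in (0.25, 0.3, 0.35, 0.4, 0.45, 0.55, 0.6, 0.65, 0.7, 0.75):
        x = tuple(n + t * (a - n) for n, a in zip(NORMAL_MEAN, ATTACK_MEAN))
        data.append((x, 1 if t > 0.5 else 0))
    return data

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=50):
    """Lloyd's k-means (unsupervised); farthest-point seeding keeps it deterministic."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, centers[i]))].append(p)
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centers[i]
               for i, g in enumerate(groups)]
        if new == centers:
            break
        centers = new
    return centers

def train_linear_svm(data, epochs=200, eta=0.1, lam=0.001, seed=1):
    """Primal linear SVM fitted by SGD on the L2-regularised hinge loss (labels mapped to +-1)."""
    rng = random.Random(seed)
    w, b = [0.0] * len(data[0][0]), 0.0
    order = list(range(len(data)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            x, label = data[i]
            y = 1.0 if label == 1 else -1.0
            margin = y * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            w = [wi * (1.0 - eta * lam) for wi in w]           # weight decay on every step
            if margin < 1.0:                                    # hinge gradient only on violations
                w = [wi + eta * y * xi for wi, xi in zip(w, x)]
                b += eta * y
    return w, b

class ClusterGatedSVM:
    """Stage 1: nearest cluster center with a per-cluster acceptance radius.
    Stage 2: linear SVM for every connection the cluster stage does not accept."""

    def __init__(self, train, k=2, radius_factor=1.5):
        points = [x for x, _ in train]
        self.centers = kmeans(points, k)
        assign = [self.nearest(x)[0] for x in points]
        self.radius, self.label = [], []
        for c in range(k):
            members = [(x, y) for (x, y), a in zip(train, assign) if a == c]
            if not members:
                self.radius.append(0.0); self.label.append(0); continue
            # Assumption: accept within radius_factor * mean member distance; the
            # factor is the speed/accuracy knob (larger = fewer connections reach the SVM).
            mean_d = sum(dist(x, self.centers[c]) for x, _ in members) / len(members)
            self.radius.append(radius_factor * mean_d)
            # Assumption: the cluster's verdict is the majority label of its members.
            self.label.append(int(2 * sum(y for _, y in members) > len(members)))
        self.w, self.b = train_linear_svm(train)

    def nearest(self, x):
        c = min(range(len(self.centers)), key=lambda i: dist(x, self.centers[i]))
        return c, dist(x, self.centers[c])

    def classify(self, x):
        """Returns (label, stage); `stage` says which component produced the verdict."""
        c, d = self.nearest(x)
        if d <= self.radius[c]:
            return self.label[c], "cluster"
        score = sum(wi * xi for wi, xi in zip(self.w, x)) + self.b
        return (1 if score > 0 else 0), "svm"

def evaluate(det, data):
    """(accuracy, fraction of connections that had to go through the SVM)."""
    verdicts = [(det.classify(x), y) for x, y in data]
    correct = sum(pred == y for (pred, _), y in verdicts)
    via_svm = sum(stage == "svm" for (_, stage), _ in verdicts)
    return correct / len(data), via_svm / len(data)

if __name__ == "__main__":
    det = ClusterGatedSVM(make_dataset())
    acc, frac = evaluate(det, make_holdout())
    print(f"accuracy={acc:.3f}, routed to SVM={frac:.3f}")
```

The `stage` value returned by `classify` is what makes the trade-off measurable: connections near a center are settled by one distance computation, and only the remainder pays for the SVM evaluation, so `radius_factor` moves the operating point between speed and accuracy. On real KDD99 records the symbolic fields (protocol, service, flag) must be encoded and every numeric field scaled before any of this, because the Euclidean distances that drive the gate are otherwise dominated by byte counts.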