Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (13): 146-149.

• Network, Communication and Security •

An Intrusion Detection Research Based on Outlier Detection


  • Received: 2006-09-15  Online: 2007-05-01  Published: 2007-05-01

Research on an Intrusion Detection Method Based on Outlier Detection (Chinese title: 基于孤立点检测的入侵检测方法研究)

Luo Min (罗敏), Yin Xiaoguang (阴晓光), Zhang Huanguo (张焕国), Wang Lina (王丽娜)

  1. School of Computer, Wuhan University; School of Computer Science, Wuhan University; State Key Laboratory of Software Engineering, Wuhan University
  • Corresponding author: Luo Min (罗敏)

Abstract: A kernel-clustering intrusion detection approach based on outlier detection is presented in this paper. The basic idea of the approach is to map the training data nonlinearly into a higher-dimensional feature space via a kernel function, to construct a separating hyperplane with maximum margin, and to define a new distance measure in the feature space. Once the data instances have been clustered, anomaly data clusters can be easily identified by the normal cluster ratio, and the identified clusters can then be used to detect intrusions in real data. The benefits of the approach are that it converges quickly, clusters accurately, and does not need labeled training data sets. Experiments on the KDD99 data sets show that this approach can detect intrusions efficiently in real network connections.

Key words: Intrusion Detection, Outlier Detection, Kernel Cluster

Abstract (translated from the Chinese): This paper proposes a kernel-clustering intrusion detection method based on outlier detection. The basic idea of the method is to first map the samples in the input space into a high-dimensional feature space, to generate clusters by redefining the distance between a data point and a cluster in that feature space, to determine the anomalous data classes according to the normal-class ratio N, and then to apply the result to the detection of real data. The method converges faster and clusters more accurately, and it does not require the training set to be labeled by manual or other means. The experiments used the KDD99 test data; the results show that the method detects intrusion behaviour fairly effectively.

Key words (translated): intrusion detection, outlier detection, kernel clustering
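As an added illustration of the pipeline both abstracts describe (this is not the paper's code, which the page does not reproduce), the Python below performs unsupervised kernel clustering of unlabeled "connection" feature vectors and then applies a normal-cluster-ratio rule: an RBF kernel stands in for the nonlinear map into feature space, kernel k-means with the kernel-trick distance to a cluster mean plays the role of the redefined point-to-cluster distance, the largest clusters that together cover the normal ratio of the training data are treated as normal, and every remaining small cluster is treated as an anomaly cluster that flags new connections assigned to it. The kernel, the farthest-first seeding, the exact form of the ratio rule and the two-dimensional sample data are all assumptions made here; the paper's maximum-margin hyperplane and its KDD99 experiments are not reproduced.

```python
import math

# Constructed training sample (not KDD99): two-dimensional normalised
# connection features, e.g. (bytes ratio, duration ratio). Two dense
# "normal" groups plus two far-away connections that should be outliers.
NORMAL_A = [(0.2 + 0.02 * i, 0.3 - 0.015 * i) for i in range(10)]
NORMAL_B = [(0.8 - 0.02 * i, 0.7 + 0.015 * i) for i in range(10)]
OUTLIERS = [(5.0, 5.0), (5.2, 4.9)]
TRAIN = NORMAL_A + NORMAL_B + OUTLIERS


def rbf_kernel(x, y, gamma=1.0):
    """Gaussian kernel k(x, y) = exp(-gamma * ||x - y||^2). This implicitly
    maps x to phi(x) in a higher-dimensional feature space; only inner
    products are ever computed, never phi itself (assumed kernel choice)."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))


def intra_term(members, data, gamma):
    """(1/|C|^2) * sum_{y,z in C} k(y, z): the cluster mean's squared norm."""
    n = len(members)
    return sum(rbf_kernel(data[i], data[j], gamma)
               for i in members for j in members) / (n * n)


def feature_distance(x, members, data, gamma, intra):
    """Squared feature-space distance from phi(x) to the mean of cluster C:
    k(x,x) - (2/|C|) * sum_y k(x,y) + intra, with intra precomputed."""
    cross = sum(rbf_kernel(x, data[i], gamma) for i in members) / len(members)
    return rbf_kernel(x, x, gamma) - 2.0 * cross + intra


def farthest_first_seeds(data, k, gamma):
    """Deterministic seeding (assumption): start at point 0 and repeatedly
    take the point farthest in feature space from the seeds chosen so far."""
    seeds = [0]
    while len(seeds) < k:
        best, best_d = None, -1.0
        for i in range(len(data)):
            if i in seeds:
                continue
            d = min(2.0 - 2.0 * rbf_kernel(data[i], data[s], gamma) for s in seeds)
            if d > best_d:
                best, best_d = i, d
        seeds.append(best)
    return seeds


def kernel_kmeans(data, k, gamma=1.0, max_iter=100):
    """Kernel k-means: every assignment uses feature-space distances only."""
    labels = [-1] * len(data)
    for c, s in enumerate(farthest_first_seeds(data, k, gamma)):
        labels[s] = c
    for _ in range(max_iter):
        clusters = [[i for i, l in enumerate(labels) if l == c] for c in range(k)]
        intra = [intra_term(m, data, gamma) if m else None for m in clusters]
        new_labels = []
        for x in data:
            dists = [feature_distance(x, m, data, gamma, intra[c]) if m else math.inf
                     for c, m in enumerate(clusters)]
            new_labels.append(min(range(k), key=dists.__getitem__))
        if new_labels == labels:
            break
        labels = new_labels
    return labels


def anomalous_clusters(labels, k, normal_ratio):
    """Normal-cluster-ratio rule (assumed interpretation): the largest clusters
    that together cover normal_ratio of the training data are normal; the
    remaining small clusters are anomaly clusters."""
    n, sizes = len(labels), [labels.count(c) for c in range(k)]
    normal, covered = set(), 0
    for c in sorted(range(k), key=lambda c: -sizes[c]):
        if covered >= normal_ratio * n:
            break
        normal.add(c)
        covered += sizes[c]
    return {c for c in range(k) if c not in normal}


class KernelOutlierDetector:
    """Unsupervised detector: cluster unlabeled connections, mark the small
    clusters as intrusions, then classify new connections by nearest cluster."""

    def __init__(self, k=3, gamma=1.0, normal_ratio=0.9):
        self.k, self.gamma, self.normal_ratio = k, gamma, normal_ratio

    def fit(self, data):
        self.data = list(data)
        self.labels = kernel_kmeans(self.data, self.k, self.gamma)
        self.clusters = [[i for i, l in enumerate(self.labels) if l == c]
                         for c in range(self.k)]
        self.intra = [intra_term(m, self.data, self.gamma) if m else None
                      for m in self.clusters]
        self.anomalous = anomalous_clusters(self.labels, self.k, self.normal_ratio)
        return self

    def nearest_cluster(self, x):
        dists = [feature_distance(x, m, self.data, self.gamma, self.intra[c])
                 if m else math.inf for c, m in enumerate(self.clusters)]
        return min(range(self.k), key=dists.__getitem__)

    def is_intrusion(self, x):
        return self.nearest_cluster(x) in self.anomalous


if __name__ == "__main__":
    det = KernelOutlierDetector(k=3, gamma=1.0, normal_ratio=0.9).fit(TRAIN)
    print("cluster sizes:", [len(m) for m in det.clusters], "anomalous:", det.anomalous)
    for conn in [(0.25, 0.28), (0.7, 0.75), (5.1, 5.05)]:
        print(conn, "-> intrusion" if det.is_intrusion(conn) else "-> normal")
```

On the constructed sample the two dense groups become the normal clusters and the two distant connections form the one cluster that falls outside the 90% normal ratio, so a new connection near them is flagged while connections inside either dense group are not. Note that the ratio rule only works when intrusions really are a small minority of the unlabeled training traffic; a flooding attack that dominates the training window would produce a large cluster that this rule would call normal.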