Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (21): 99-102.

Intrusion detection algorithm based on fuzzy evaluation and clustering analysis

ZHAI Guangqun, WANG Yongsheng   

  1. School of Information Engineering, Zhengzhou University, Zhengzhou 450001, China
  • Online: 2012-07-21  Published: 2014-05-19

Abstract: When processing mixed-attribute data, the K-prototypes clustering algorithm easily falls into a local optimum and depends strongly on its initial values. To address this problem, this paper proposes a new intrusion detection algorithm that combines K-prototypes with fuzzy evaluation. The method classifies the data with K-prototypes and builds a fuzzy evaluation model on each cluster, so that the data are judged on both their statistics and their characteristics. Experimental results show that, compared with the K-prototypes algorithm or fuzzy evaluation used alone, the method both improves detection accuracy and reduces the false detection rate.

Key words: clustering algorithm, mixed attributes, fuzzy evaluation, intrusion detection
