Details

Autor(en) / Beteiligte

• Peng, Kai
• Leung, Victor C. M.
• Huang, Qingjia

Titel

Clustering Approach Based on Mini Batch Kmeans for Intrusion Detection System Over Big Data

Ist Teil von

• IEEE access, 2018-01, Vol.6, p.11897-11906

Ort / Verlag

Piscataway: IEEE

Erscheinungsjahr

2018

Link zum Volltext

Quelle

EZB Electronic Journals Library

Beschreibungen/Notizen

• Intrusion detection system (IDS) provides an important basis for the network defense. Due to the development of the cloud computing and social network, massive amounts of data are generated, which inevitably brings much pressure to IDS. And therefore, it becomes crucial to efficiently divide the data into different classes over big data according to data features. Moreover, we can further determine whether one is normal behavior or not based on the classes information. Although the clustering approach based on <inline-formula> <tex-math notation="LaTeX">K </tex-math></inline-formula>-means for IDS has been well studied, unfortunately directly using it in big data environment may suffer from inappropriateness. On the one hand, the efficiency of data clustering needs to be improved. On the other hand, differ from the classification, there is no unified evaluation indicator for clustering issue, and thus, it is necessary to study which indicator is more suitable for evaluating the clustering results of IDS. In this paper, we propose a clustering method for IDS based on Mini Batch <inline-formula> <tex-math notation="LaTeX">K </tex-math></inline-formula>-means combined with principal component analysis. First, a preprocessing method is proposed to digitize the strings and then the data set is normalized so as to improve the clustering efficiency. Second, the principal component analysis method is used to reduce the dimension of the processed data set aiming to further improve the clustering efficiency, and then mini batch <inline-formula> <tex-math notation="LaTeX">K </tex-math></inline-formula>-means method is used for data clustering. More specifically, we use <inline-formula> <tex-math notation="LaTeX">K </tex-math></inline-formula>-means++ to initialize the centers of cluster in order to avoid the algorithm getting into the local optimum, in addition, we choose the Calsski Harabasz indicator so that the clustering result is more easily determined. Compared with the other methods, the experimental results and the time complexity analysis show that our proposed method is effective and efficient. Above all, our proposed clustering method can be used for IDS over big data environment.