Go to DBLP homepageIntrusion detection based on improved density peak clustering for imbalanced data on sensor-cloud systems
Abstract: Intrusion detection has been extremely important for the security of the cloud computing environment for these years. However, it is also extremely hard to prevent network systems from attacking, due to that the attacking data and normal data usually have large different density distributions, i.e, they are imbalanced. Clustering is one of the effective methods for intrusion detection. Density Peak (DPeak) is a famous clustering algorithm that maps data of arbitrary dimension onto two dimensions, and it can automatically distinguish density centers and noise. However, it is not appropriate for applying DPeak in detecting intrusion data directly. Because (1) sparse regions are difficult to be identified and (2) most points in dense regions of imbalanced data are highly possible misclassified as outliers. Hence, an improved DPeak, namely Rotation-DPeak, is proposed to overcome them according to a simple assumption: the higher density of a point p, the larger δ it should have such that p can be picked as a density peak. Then, a novel strategy is invented to select density peaks by quadratic curve, rather than by choosing points with the largest γ (γ=ρ×δ) or by drawing a rectangle on the decision graph. In addition, it is found that abnormal data usually leads to bad performance for intrusion detection, therefore we propose an outlier detection algorithm to identify anomaly traffic. Experiments prove that the proposed algorithm works well on imbalanced datasets, and is suitable for intrusion detection, which has a good performance in accuracy.
Loading