
Computer Engineering ›› 2011, Vol. 37 ›› Issue (17): 96-98. doi: 10.3969/j.issn.1000-3428.2011.17.031

• Networks and Communications •

Network Intrusion Detection Model Based on Clustering Analysis

LI Wen-hua   

  1. (College of Computer Science, Yangtze University, Jingzhou 434023, China)
  • Received: 2011-03-04 Online: 2011-09-05 Published: 2011-09-05

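Network Intrusion Detection Model Based on Clustering Analysis

LI Wen-hua

  1. (College of Computer Science, Yangtze University, Jingzhou, Hubei 434023)
  • About the author: LI Wen-hua (born 1965), male, associate professor; main research interests: network security, database technology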

Abstract: This paper introduces the Fuzzy C-means (FCM) clustering method, studies intrusion detection methods based on clustering analysis, and establishes a new network intrusion detection model. The model comprises a data pre-processor, an FCM-based clustering component, a cluster-center updater, and a detection system, and improves the availability of the intrusion detection system. Experimental results show that the model can detect intrusions in network connection data with a lower system false alarm rate and a higher detection rate.

Key words: intrusion detection, clustering analysis, Fuzzy C-means (FCM), Euclidean distance, Simple Matching Coefficient (SMC)

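Abstract: To improve the intrusion recognition capability of network intrusion detection systems, an intrusion detection model based on Fuzzy C-means (FCM) clustering is proposed. The model comprises a data pre-processor, an FCM clustering processor, a cluster-center set updater, and a detection system, and can handle numeric and symbolic attributes at the same time. Experimental results show that, compared with other models, this model has a lower false alarm rate and a higher detection rate.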

Key words: intrusion detection, clustering analysis, Fuzzy C-means, Euclidean distance, simple matching coefficient
