Journal of Systems Engineering and Electronics, 2012, Vol. 34, Issue (3): 625-630. doi: 10.3969/j.issn.1001-506X.2012.03.36


Intrusion detection algorithm based on SSC-tree stream clustering

CHENG Chun-ling1,2,3, YU Zhi-hu1, ZHANG Deng-yin1,3, XU Xiao-long1,2   

  1. College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003, China;
  2. Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China;
  3. Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications), Ministry of Education Jiangsu Province, Nanjing 210003, China
  • Online: 2012-03-22 Published: 2010-01-03

Abstract:

Because data streams are fast, unbounded and bursty, real-time intrusion detection in high-speed networks is difficult. A similarity search cluster-tree (SSC-tree) is designed to maintain summary features of the data stream, and a clustering algorithm based on the SSC-tree is proposed to detect intrusions in high-speed networks. To process high-speed, bursty streams in time, the algorithm uses chaining buffer, piggyback and local cluster mechanisms. The chaining buffer in the SSC-tree temporarily stores data stream objects, which are piggybacked later; this addresses the problem that high-speed streams cannot be clustered in time when bursts of data arrive. In addition, to keep up with the arrival of high-speed streams, the algorithm introduces a local cluster mechanism: a pre-clustering step that produces local micro-clusters before data stream objects are inserted into the SSC-tree. The experimental results show that the proposed algorithm has good applicability and high clustering accuracy in high-speed networks, and that it can detect intrusions in high-speed networks effectively.
