Relative Network Entropy based Clustering Algorithm for Intrusion Detection

Clustering, as a kind of data mining methods, with the characteristic of no supervising, quick modeling is widely used in intrusion detection. However, most of the traditional clustering algorithms use a single data point as a calculating unit, and the drawback exists in time wasting to calculate one data point after another when clustering, meanwhile, a single local change of data will significantly affect the clustering results. This paper proposes a novel clustering algorithm named EBDBSCAN, a data mining algorithm based on relative network entropy. EB-DBSCAN use the batch data processing method which can cluster quickly, accurately and unsupervised for high-speed and massive network data stream with arbitrary shape. Experimental results show that EB-DBSCAN can achieve roughly the same average purity and average precision as DBSCAN. Moreover, concerning the number of clusters and execution time, EB-DBSCAN performs much better than DBSCAN, making both performance increased by an average of 1.5 times and 190 times more, which shows a prosperous potentiality for high speed network traffic analysis.