An Improved K-Means Using in Anomaly Detection

Anomaly detection, as a part of network security, is an important question, which has attracted much attention. The characteristics of data mining make it suitable for anomaly detection. Cluster analysis is a kind of data mining technology and it can divide records into different clusters, which is convenient for anomaly detection. Traditional K-manes is affected by the selection of initial centers, the number of clusters and isolated points. We combine information entropy and DD algorithm to improve K-means and use KDD CUP99 data set to analysis the performance. From twice experiences, we find that improved K-means has higher detection rate and lower false positive rate than traditional K-means.