Intrusion detection based on improved density peak clustering for imbalanced data on sensor-cloud systems

Intrusion detection has been extremely important for the security of the cloud computing environment for these years. However, it is also extremely hard to prevent network systems from attacking, due to that the attacking data and normal data usually have large different density distributions, i.e, they are imbalanced. Clustering is one of the effective methods for intrusion detection. Density Peak (DPeak) is a famous clustering algorithm that maps data of arbitrary dimension onto two dimensions, and it can automatically distinguish density centers and noise. However, it is not appropriate for applying DPeak in detecting intrusion data directly. Because (1) sparse regions are difficult to be identified and (2) most points in dense regions of imbalanced data are highly possible misclassified as outliers. Hence, an improved DPeak, namely Rotation-DPeak, is proposed to overcome them according to a simple assumption: the higher density of a point p, the larger delta it should have such that p can be picked as a density peak. Then, a novel strategy is invented to select density peaks by quadratic curve, rather than by choosing points with the largest gamma (gamma = rho x delta) or by drawing a rectangle on the decision graph. In addition, it is found that abnormal data usually leads to bad performance for intrusion detection, therefore we propose an outlier detection algorithm to identify anomaly traffic. Experiments prove that the proposed algorithm works well on imbalanced datasets, and is suitable for intrusion detection, which has a good performance in accuracy.

Automated summary

Intrusion detection is crucial for cloud computing security, and using the improved DPeak algorithm can better handle data imbalance and anomalies, resulting in higher accuracy.