Novel heuristic dual-ant clustering algorithm for network intrusion outliers detection

To solve the problem which unsupervised clustering algorithm is sensitive to parameter settings, the paper proposes a novel heuristic dual-ant clustering algorithm, some problems such as cluster dispersion and over many outliers which exists in traditional algorithm are resolved by adding a new kind of Maintenance Ants. The paper also propose novel heuristic functions to measures the instances similarity and to control the ant movement. Compared with other clustering algorithms, our algorithm do not need to know the number of clustering in advance, the dataset can be automatically clustered in the case of no prior knowledge, it is very suitable for intrusion anomaly detection based on unsupervised clustering. In experiments on network intrusion dataset, our algorithm is compared with the advanced cluster-based anomaly detection algorithm FindCBLOF, without knowing the original partition information of dataset, the experimental results is significantly better than FindCBLOF. It proved our algorithm has a good application value in network intrusion detection.