Network Abnormal Behavior Detection Method Based on Affinity Propagation

With the continuous advancement of Internet technology and the increasing number of network users, the behavior of malicious networks has become more complex and diversified, making the challenges of Internet security even more severe. Most intrusion detection systems use machine learning methods to detect user attacks, but such methods tend to be too time-intensive and inefficient when processing large amounts of data, although the accuracy for known types of attacks is high, it is not ideal for unknown attack behavior. In order to improve the situation, we propose a network anomaly behavior detection method based on affinity propagation. Firstly, we proposed the user behavior feature model by analyzing the characteristics of malicious behavior, and then we select the clustering algorithm with better performance to cluster the user behavior. Experiments show that this method can improve the accuracy and false positive rate of intrusion detection.