In view of the fact that the existing intrusion detection system (IDS) based on clustering algorithm cannot adapt to the large-scale growth of system logs, a K-mediods clustering intrusion detection algorithm based on differential evolution suitable for cloud computing environment is proposed. First, the differential evolution algorithm is combined with the K-mediods clustering algorithm in order to use the powerful global search capability of the differential evolution algorithm to improve the convergence efficiency of large-scale data sample clustering. Second, in order to further improve the optimization ability of clustering, a dynamic Gemini population scheme was adopted to improve the differential evolution algorithm, thereby maintaining the diversity of the population while improving the problem of being easily trapped into a local optimum. Finally, in the intrusion detection processing of big data, the optimized clustering algorithm is designed in parallel under the Hadoop Map Reduce framework. Simulation experiments were performed in the open source cloud computing framework Hadoop cluster environment. Experimental results show that the overall detection effect of the proposed algorithm is significantly better than the existing intrusion detection algorithms.

中文翻译：

---

Hadoop平台上基于动态Gemini群体DE-K-mediods聚类的入侵检测

针对现有基于聚类算法的入侵检测系统（IDS）无法适应系统日志的大规模增长，提出一种适用于云计算环境的基于差分进化的K-mediods聚类入侵检测算法。首先，将差分进化算法与K-mediods聚类算法相结合，利用差分进化算法强大的全局搜索能力，提高大规模数据样本聚类的收敛效率。其次，为了进一步提高聚类的优化能力，采用动态Gemini种群方案对差分进化算法进行改进，从而在保持种群多样性的同时改善易陷入局部最优的问题。最后，在大数据的入侵检测处理中，在Hadoop Map Reduce框架下并行设计优化的聚类算法。在开源云计算框架Hadoop集群环境下进行了仿真实验。实验结果表明，该算法的整体检测效果明显优于现有的入侵检测算法。