Abstract:In order to address the problem of difficultly collecting abnormal data in IDS, solve the problem of existing sparse sample in normal space to reduce the performance in traditional SVDD, a novel model of intrusion detection based on SVDD algorithm and Cluster algorithm is presented. K-MEANS classification method is firstly applied to cluster the training data. Then SVDD is used to describe the central data distribution characteristics with high data description ability. The decision function is determined to classify the samples. The kernel parameter is analyzed as well as other detection techniques are compared in experiment. The results show the method is particularly well adapted to network intrusion detection application.