Adaptive Distributed Intrusion Detection using Hybrid K-means SVM Algorithm

Assuring secure and reliable operation of networks has become a priority research area these days because of ever growing dependency on network technology. Intrusion detection systems (IDS) are used as the last line of defence. IDS identifies patterns of known intrusions (misuse detection) or differentiates anomalous network data from normal data (anomaly detection). In this paper, a novel Intrusion Detection System (IDS) architecture is proposed which includes both anomaly and misuse detection approaches. This hybrid Intrusion Detection System architecture consists of a centralised anomaly detection module and distributed signature detection modules. The proposed anomaly detection module uses hybrid machine learning algorithm called k-means clustering support vector machine (KSVM). This hybrid system couples the benefits of low false-positive rate of signature-based intrusion detection system and anomaly detection system’s ability to detect new unknown attacks.