Some Clustering Algorithms to Enhance the Performance of the Network Intrusion Detection System

Most current intrusion detection systems are signature based ones or machine learning based methods. Despite the number of machine learning algorithms applied to KDD 99 cup, none of them have introduced a pre-model to reduce the huge information quantity present in the different KDD 99 datasets. Clustering is an important task in mining evolving data streams. Besides the limited memory and one-pass Constraints, the nature of evolving data streams implies the following requirements for stream clustering: no assumption on the number of clusters, discovery of clusters with arbitrary shape and ability to handle outliers. Traditional instance-based learning methods can only be used to detect known intrusions, since these methods classify instances based on what they have learned. They rarely detect new intrusions since these intrusion classes has not been able to detect new intrusions as well as known intrusions. In this paper, we propose some clustering algorithms such as K-Means and Fuzzy c-Means for network intrusion detection. The experimental results obtained by applying these algorithms to the KDD-99 data set demonstrate that they perform well in terms of both accuracy and computation time. Key-Words: Intrusion Detection, K-Means, Fuzzy c-Means, MF plot, ROC