An Unsupervised Clustering Algorithm for Intrusion Detection
Authors
Abstract
As the Internet spreads to each corner of the world, computers are exposed to miscellaneous intrusions from the World Wide Web. Thus, we need effective intrusion detection systems to protect our computers from these intrusions. Traditional instance-based learning methods can only be used to detect known intrusions, since these methods classify instances based on what they have learned. They rarely detect new intrusions, since these intrusion classes have not been learned before. We expect an unsupervised algorithm to be able to detect new intrusions as well as known intrusions. In this paper, we propose a clustering algorithm for intrusion detection, called Y-means. This algorithm is developed based on the H-means+ algorithm [2] (an improved version of the K-means algorithm [1]) and other related clustering algorithms of K-means. Y-means is able to automatically partition a data set into a reasonable number of clusters so as to classify the instances into ‘normal’ clusters and ‘abnormal’ clusters. It overcomes two shortcomings of K-means: degeneracy and dependency on the number of clusters. The results of simulations run on the KDD-99 data set [3] show that Y-means is an effective method for partitioning large data sets. An 89.89% detection rate and a 1.00% false alarm rate were achieved with the Y-means algorithm.
Similar resources
A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
BotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
Clustering-based Network Intrusion Detection
Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection—a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in ...
Clustering and Hybrid Genetic Algorithm based Intrusion Detection Strategy
Ad hoc networks face serious security threat due to its inherent weaknesses. Intrusion detection is crucial technology in protecting the security of Ad hoc networks. Recently, Intrusion Detection Systems (IDS) face open issues, such as how to make use of intrusion detection technologies to excavate normal/abnormal behaviors from a lot of initialized data and dig out invasion models later for in...
Unsupervised Sequential Information Bottleneck Clustering For Building Anomaly Based Network Intrusion Detection Model
In this paper we present a novel approach to unsupervised clustering in building an efficient anomaly based network intrusion detection model. The method is based on a recently introduced sequential information bottleneck (sIB) principle. KDDCup 1999 intrusion detection benchmark dataset is used for the experimentation of our proposed technique. The experimental results demonstrate that the pro...
Comparison of Fuzzy Clustering Algorithms in Intrusion Detection System. J World Elec. Eng. Tech., 3 (2): 53-58
According to the growth of the Internet technology, there is a need to develop strategies in order to maintain security of system. One of the most effective techniques is Intrusion Detection System (IDS). Clustering which is commonly used to detect possible attacks is one of the branches of unsupervised learning. Fuzzy clustering algorithms play an important role to reduce spurious alarms and I...