Intrusion Detection System with Data Stream Clustering Approach

fast and high-quality Intrusion Detection algorithms play an important role in providing security management component by organizing large amounts of information into a small number of meaningful clusters. In particular, clustering algorithms that build meaningful groups of data via network log file are ideal tools for their interactive visualization and exploration as they provide a powerful mechanism to detect malicious sessions. This paper focuses on data stream algorithms that build such detection solution and (i) present a comprehensive study data stream clustering algorithm that use different functions and schemes to solve different problems in this area, and (ii) presents a new class of clustering algorithms called Divide and Conquer stream clustering algorithms, which combine features from both partitional and agglomerative approaches that allows them to reduce the early-stage errors made by agglomerative methods and hence improve the quality of clustering solutions. The experimental evaluation shows that, Proposed method lead to better solutions than previous algorithms; making it ideal for clustering large amount of datum network log file due to not only their relatively low computational requirements, but also higher clustering quality. Furthermore, the proposed method consistently leads to better solution when there is no cluster in a window of data and data is monotonous, as well.