Fuzzy K-mean Clustering Via J48 For Intrusiion Detection System

Due to fast growth of the internet technology there is need to establish security mechanism. So for achieving this objective NIDS is used. Datamining is one of the most effective techniques used for intrusion detection. This work evaluates the performance of unsupervised learning techniques over benchmark intrusion detection datasets. The model generation is computation intensive, hence to reduce the time required for model generation various feature selection algorithm. Various algorithms for cluster to class mapping have been proposed to overcome problem like, class dominance, and null class problems. From experimental results it is observed that for 2 class datasets filtered fuzzy random forest dataset gives the better results. It is having 99.2% precision and 100% recall, So it can be summarize that proposed percentage is assignments and statistical model is giving better performance. Keywords— Feature selection, k-mean clustering, fuzzy k mean clustering, J48 clustering, and KDDcup 99 dataset. Introduction Intrusion is the sequence of the set of related activity which perform unauthorized access to the useful information and unauthorized file modification which causes harmful activity. Intrusion detection system deal with supervising the incidents happening in computer system or network environments and examining them for signs of possible events, which are infringement or imminent threats to computer security, or standard security practices. Various techniques have been used for intrusion detection. Datamining is one of the efficient techniques for intrusion detection. Datamining uses two learning, supervised learning and unsupervised learning. Clustering is unsupervised learning which characterize the datasets into subparts based on observation. Datapoint which belong to the clusters same clusters share common property. Most of the times distance measures are used for deciding the membership of the clusters. In many papers Euclidean distance measure is used for deciding the similarity between the datapoints. This paper is organized as follow: Section I gives over view of related works, section II contains framework of proposed model , section III contains experimental results and analysis, and finally Section IV 6 concludes the paper along with future works. I. RELATED WORK Authors [1-3] have used k-mean clustering for intrusion detection. The performance of k-mean clustering affected initial cluster center and number of cluster centroid. Zhang Chen et.al[4] has proposed a new concept for selecting the number of clusters. According author [4] the number of initial cluster for a datasets is and after that combine or divide the sub cluster based on the defined measures. Mark Junjie Li troids et al. [5] has proposed an extension to the standard fuzzy K-Means algorithm by introducing a penalty term to the objective function to make the clustering process not sensitive to the initial cluster centers Which make clustering to insensitive to initial cluster center. Mrutyunjaya Panda et.al [6] has used k-mean and fuzzy k-mean for intrusion detection. Sometimes k-mean clustering does not gives best results for large datasets. So for removing this problem Yu Guan et. al. [7] have introduced a new method Ymean which is variation of k-mean clustering it removes the dependency and degeneracy problem of k-mean clustering. Sometime single clustering algorithm doesnot gives best result so for removing this problem , Fangfei Weng et.al.[8] has used k-mean clustering with new concepts which is called Ensemble K-mean clustering. Cuixiao Zhang et.al [9] have used KD clustering for intrusion detection. Some of the authors have used k-mean clustering along with the other method for improving the detection rate of intrusion detection system. Authors [10-14] have used k mean clustering along with the other datamining techniques for intrusion detection. Authors [15] have used ANN along with the fuzzy k-mean clustering for intrusion detection which removes the problem related to the ANN. All of these techniques improve the detection rate for intrusion detection but no able to solve the class dominance problem of k-mean clustering So for removing this problem we are proposing two new algorithm which removes the class dominance problem along with the no class problem. In class dominance problem low instance classes (i.e. R2L and U2R) are dominated by high instances classes. In no class problem some of the clusters are assigned to no class. Kusum Bharti et al. / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 1 (4) , 2010, 315-318