Performance Comparison Of Different Clustering Algorithms With ID3 Decision Tree Learning Method For Network Anomaly Detection

This paper proposes a combinatorial method based on different clustering algorithms with ID3 decision tree classification for the classification of network anomaly detection. The idea is to detect the network anomalies by first applying any clustering algorithm to partition it into a number of clusters and then applying ID3 algorithm for the decision that whether an anomaly has been detected or not. An ID3 decision tree is constructed on each cluster. A special algorithm is used to combine results of the two algorithms and obtain final anomaly score values. The threshold rule is applied for making decision on the test instance normality or abnormality. Here we are comparing the result performance of the best clustering algorithm for the detection of the network anomalies. The algorithms that we shall apply here are k-mean algorithm, hierarchical clustering, expected maximization clustering. All these algorithms are first applied on the data sets consisting of a captured network ARP traffic to group them into a number of clusters and then by applying ID3 decision tree classification on each of the clustering algorithm for the detection of the network anomalies and compare the performance of each clustering algorithm.