A novel model of IDS based on automatic clustering number determination

To address the problem of having to pre-define the number of clusters in the Fuzzy C-means (FCM) algorithm, a clustering algorithm, F-CMSVM (Fuzzy C-means and Support Vector Machine), is proposed that determines the number of clusters automatically. First, the data set is split into two clusters by FCM. Then a support vector machine (SVM) with a fuzzy membership function is used to test whether the data set can be split further. The final set of clusters is obtained by repeating this process. Because the affiliation matrix, obtained by introducing SVM into FCM, is defined to be the fuzzy membership function, each input sample can have a different penalty value, and the separating hyperplane is optimized. F-CMSVM is an unsupervised algorithm: it requires neither a labeled training data set nor a specified number of clusters. Simulation experiments on network connection records from the KDD CUP 1999 data set show that F-CMSVM performs efficiently in optimizing the number of clusters and in intrusion detection.
