Practical Intrusion Detection Using Genetic-Clustering
Filtering and classifying features of attack traffic is a crucial issue for network security applications such as intrusion detection systems (IDS). In this research, a genetic-clustering algorithm has been developed to automatically detect and classify the data instances collected from an IDS into normal or attack clusters. The proposed algorithm can obtain the optimal clustering solution based on the minimum within-cluster distance (WCD) and maximum between-cluster distance (BCD). The advantages of the proposed algorithm are an increased detection rate (DR), reduced processing time, a decreased false negative rate (FNR), and the ability to identify new attack traffic. The proposed algorithm consists of two phases, a training phase and a testing phase, and uses a dataset generated from the 1999 KDD Cup dataset.
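The following sketch is an added example, not code from the paper: it shows one way a genetic search can trade WCD against BCD and then label new records in a testing phase. The BCD/WCD ratio used as fitness, the centroid-list chromosome, the rule that the larger cluster is "normal", and the two-feature records are all assumptions made for illustration.

```python
import math
import random

# Constructed, normalised (duration, bytes) records; not KDD Cup 1999 data.
NORMAL = [(0.10, 0.12), (0.12, 0.10), (0.08, 0.11), (0.11, 0.09), (0.09, 0.13), (0.13, 0.11)]
ATTACK = [(0.90, 0.85), (0.88, 0.80), (0.92, 0.82), (0.86, 0.88)]

def assign(centroids, records):
    """Label each record with the index of its nearest centroid."""
    return [min(range(len(centroids)), key=lambda c: math.dist(r, centroids[c]))
            for r in records]

def fitness(centroids, records):
    """Assumed objective: BCD / WCD, so small WCD and large BCD both score higher."""
    labels = assign(centroids, records)
    wcd = sum(math.dist(r, centroids[l]) for r, l in zip(records, labels))
    bcd = sum(math.dist(a, b) for i, a in enumerate(centroids) for b in centroids[i + 1:])
    return bcd / (wcd + 1e-9)

def train(records, k=2, pop_size=20, generations=30, seed=0):
    """Training phase: evolve a chromosome of k centroids drawn from the records."""
    rng = random.Random(seed)
    pop = [rng.sample(records, k) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=lambda ch: fitness(ch, records), reverse=True)
        elite = pop[: pop_size // 2]              # selection with elitism
        children = []
        while len(elite) + len(children) < pop_size:
            a, b = rng.sample(elite, 2)
            cut = rng.randrange(1, k)             # one-point crossover
            child = a[:cut] + b[cut:]
            if rng.random() < 0.2:                # mutation: swap in another record
                child[rng.randrange(k)] = rng.choice(records)
            children.append(child)
        pop = elite + children
    return max(pop, key=lambda ch: fitness(ch, records))

def classify(centroids, train_records, new_records):
    """Testing phase: nearest centroid; the larger training cluster is assumed normal."""
    train_labels = assign(centroids, train_records)
    normal = max(set(train_labels), key=train_labels.count)
    return ["normal" if l == normal else "attack" for l in assign(centroids, new_records)]

if __name__ == "__main__":
    best = train(NORMAL + ATTACK)
    print(classify(best, NORMAL + ATTACK, [(0.11, 0.10), (0.89, 0.83)]))
```

A chromosome whose centroids both fall inside one traffic group scores near zero here, because its BCD collapses while its WCD absorbs the whole other group.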