Anomaly-based intrusion detection through K-means clustering and naives bayes classification

Intrusion detection systems (IDSs) effectively balance extra security appliance by identifying intrusive activities on a computer system, and their enhancement is emerging at an unexpected rate. Anomaly-based intrusion detection methods, which employ machine learning algorithms, are able to identify unforeseen attacks. Regrettably, the foremost challenge of this method is to minimize false alarm while maximizing detection and accuracy rate. We propose an integrated machine learning algorithm across K-Means clustering and Naive Bayes Classifier called KMC+NBC to overcome the aforesaid drawbacks. K-Means clustering is applied to labeling and gathers the entire data into corresponding cluster sets based on the data behavior, i.e. , i.e. normal and attack, while Naive Bayes Classifier (NBC) is applied to reorder the misclassified clustered data into correct categories. Experiments have been performed to evaluate the performance of KMC+NBC and NBC against ISCX 2012 Intrusion Detection Evaluation Dataset. The result shows that KMC+NBC significantly improves the accuracy, detection rate up to 99% and 98.8%, respectively, while decreasing the false alarm to 2.2%.

[1]  Jung-Min Park,et al.  An overview of anomaly detection techniques: Existing solutions and latest technological trends , 2007, Comput. Networks.

[2]  Sam Kwong,et al.  Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection , 2007, Pattern Recognition.

[3]  Noorhaniza Wahid,et al.  A hybrid network intrusion detection system using simplified swarm optimization (SSO) , 2012, Appl. Soft Comput..

[4]  Shahram Sarkani,et al.  A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier , 2012, Expert Syst. Appl..

[5]  Ali A. Ghorbani,et al.  Toward developing a systematic approach to generate benchmark datasets for intrusion detection , 2012, Comput. Secur..

[6]  Shi-Jinn Horng,et al.  A novel intrusion detection system based on hierarchical clustering and support vector machines , 2011, Expert Syst. Appl..

[7]  Chih-Fong Tsai,et al.  A triangle area based nearest neighbors approach to intrusion detection , 2010, Pattern Recognit..

[8]  Manas Ranjan Patra,et al.  A Hybrid Intelligent Approach for Network Intrusion Detection , 2012 .

[9]  Wenke Lee,et al.  A Data Mining Framework for Adaptive Intrusion Detection ∗ , 1998 .

[10]  Yingbing Yu,et al.  A survey of anomaly intrusion detection techniques , 2012 .

[11]  Elsayed A. Sallam,et al.  A hybrid network intrusion detection framework based on random forests and weighted k-means , 2013 .

[12]  Carlos García Garino,et al.  Automatic network intrusion detection: Current techniques and open issues , 2012, Comput. Electr. Eng..