Analysis of KDD CUP 99 Dataset using Clustering based Data Mining

The KDD Cup 99 dataset has attracted many researchers in the field of intrusion detection over the last decade, and many of them have analyzed the dataset using different techniques. Such analysis can be used in any type of industry that produces and consumes data, and that includes security. This paper is an analysis of the 10% subset of the KDD Cup 99 training dataset from an intrusion detection perspective. We have focused on establishing a relationship between the attack types and the protocols used by the hackers, using clustered data. The analysis is performed using k-means clustering; we used Oracle 10g Data Miner as the tool for analyzing the dataset and built 1000 clusters to segment the 494,020 records. The investigation revealed many interesting results about the protocols and attack types preferred by the hackers for intruding into networks.

Keywords: KDD 99 dataset, clustering, k-means, intrusion detection
