Amalgamation of K-means Clustering Algorithm with Standard MLP and SVM Based Neural Networks to Implement Network Intrusion Detection System

Intrusion Detection Systems (IDS) are becoming an essential component of the network and data security arsenal. Because a huge amount of existing off-line data and newly appearing network records needs analysis, data mining techniques play a vital role in the development of IDS. The key idea of using data mining techniques for IDS is to take advantage of the classification capability of supervised learning based neural networks and the clustering abilities of unsupervised learning based neural networks. In this paper, we propose an efficient intrusion detection model that amalgamates competent data mining techniques such as K-means clustering, the multilayer perceptron (MLP) neural network and the support vector machine (SVM), which significantly improves the prediction of network intrusions. Since the number of clusters desired for the intrusion detection problem is defined by the user a priori and does not change, we employed the K-means clustering technique. In the final stage, an SVM classifier is used, as it produces superior results for binary classification when compared to the other classifiers. We obtained the best results, and these are compared with the results of other existing methods to prove the effectiveness of our model.
