Network Level Anomaly Detection System Using MST Based Genetic Clustering

With the ubiquity and far-reaching effects of the Internet, the role played by Internet security systems has become critical, and there is a pressing need for effective Intrusion Detection Systems (IDS). In this paper we propose a blend of an anomaly detection system and a misuse detection system: a two-phase IDS in which misuse detection uses supervised learning techniques and anomaly detection uses unsupervised learning techniques. Anomalies are outliers, corresponding to attacks that appear as isolated, sparse clusters. MST-based clustering identifies these outliers by exploiting their isolation: removing the inconsistent (unusually long) edges of the minimum spanning tree separates them from the dense normal clusters. In the process, however, some groups of normal packets may also be broken into sparse clusters and would then be misreported as anomalies. Our Genetic Algorithm based optimization merges such sparse normal clusters with sufficiently close normal clusters, so that the resulting clusters correspond directly to normal or anomalous traffic. Experimental results on the KDD Cup 1999 dataset show that the proposed method achieves significantly higher detection rates than the compared techniques.
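The two steps described above, MST clustering that isolates outliers by cutting long edges and a second step that re-absorbs sparse fragments of normal traffic, as an added, self-contained example that is not code from the paper. The cut rule (edges longer than a multiple of the median MST edge), the merge rule (a sparse cluster within a fixed multiple of the cut distance of a dense cluster is merged back) and the sample points are all assumptions made here; in particular the fixed-threshold merge is a hand-tuned stand-in for the paper's genetic-algorithm optimization, not a reproduction of it.

```python
# Added example (not the paper's code): MST clustering + sparse-cluster merge.
import math
from itertools import combinations
from statistics import median


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kruskal_mst(points):
    """Minimum spanning tree as (weight, i, j) edges: Kruskal with union-find."""
    parent = list(range(len(points)))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    mst = []
    for w, i, j in sorted((euclid(points[i], points[j]), i, j)
                          for i, j in combinations(range(len(points)), 2)):
        ri, rj = find(i), find(j)
        if ri != rj:
            parent[ri] = rj
            mst.append((w, i, j))
    return mst


def components(n, edges):
    """Connected components of the forest that remains after cutting edges."""
    adj = {i: set() for i in range(n)}
    for _, i, j in edges:
        adj[i].add(j)
        adj[j].add(i)
    seen, comps = set(), []
    for start in range(n):
        if start in seen:
            continue
        comp, stack = [], [start]
        while stack:
            u = stack.pop()
            if u not in seen:
                seen.add(u)
                comp.append(u)
                stack.extend(adj[u] - seen)
        comps.append(sorted(comp))
    return comps


def mst_cluster(points, cut_factor=3.0):
    """Cut MST edges longer than cut_factor * median edge weight; return
    (clusters, cut).  Outliers are joined to the data only by long edges,
    so they fall out as singletons or small fragments."""
    mst = kruskal_mst(points)
    cut = cut_factor * median([w for w, _, _ in mst])
    return components(len(points), [e for e in mst if e[0] <= cut]), cut


def gap(points, a, b):
    """Single-linkage distance between two clusters given as index lists."""
    return min(euclid(points[i], points[j]) for i in a for j in b)


def merge_sparse(points, clusters, cut, min_size=3, merge_factor=2.0):
    """Clusters with fewer than min_size members are sparse.  A sparse cluster
    within merge_factor * cut of a dense cluster is treated as a broken-off
    piece of normal traffic and merged back; the rest are anomalies.  The
    fixed thresholds stand in for the paper's GA-optimised merge (assumption)."""
    dense = [list(c) for c in clusters if len(c) >= min_size]
    anomalies = []
    for s in (c for c in clusters if len(c) < min_size):
        if dense:
            best = min(dense, key=lambda d: gap(points, s, d))
            if gap(points, s, best) <= merge_factor * cut:
                best.extend(s)
                continue
        anomalies.append(s)
    return [sorted(c) for c in dense], anomalies


def detect(points, cut_factor=3.0, min_size=3, merge_factor=2.0):
    """Full pipeline: MST cut, then sparse-cluster merge."""
    clusters, cut = mst_cluster(points, cut_factor)
    return merge_sparse(points, clusters, cut, min_size, merge_factor)


# Constructed sample of 2-D scaled flow features: 0-7 a dense normal block,
# 8-9 a small normal fragment a longer edge away, 10-11 isolated attack-like points.
POINTS = [(0.0, 0.0), (0.1, 0.0), (0.2, 0.0), (0.0, 0.1), (0.1, 0.1),
          (0.0, 0.2), (0.1, 0.2), (0.2, 0.2), (0.5, 0.5), (0.6, 0.5),
          (5.0, 5.0), (4.0, -4.0)]

if __name__ == "__main__":
    print("before merge:", mst_cluster(POINTS)[0])
    print("normal, anomalies:", detect(POINTS))
```

On the constructed sample the MST cut alone yields four clusters: the dense block, the two-point normal fragment, and the two isolated points. The fragment is exactly the failure mode the abstract describes (normal traffic split off as a sparse cluster); the merge step folds it back into the dense cluster because its single-linkage gap is small relative to the cut distance, while the two isolated points remain anomalies. A practitioner should note that the cut and merge multipliers decide the false-positive/false-negative trade-off, which is what the paper's genetic algorithm is tuning.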
