Clustering-Based Network Intrusion Detection System

Abstract

The increasing sophistication of network attacks and the inability of traditional defensive techniques such as firewalls or weak passwords against them have led researchers to propose network intrusion detection systems. Many network intrusion detection systems using machine learning techniques have been proposed, but the detection performance of some systems can be further improved. In addition, many systems adopted multiple machine learning classifiers to cooperate in generating detection results, but the individual classifiers in the system are often difficult to operate independently, limiting the flexibility of the system. This paper presents a Clustering-Based Network Intrusion Detection System, which applies the concept of clustering to detect network attacks by using the K-Nearest Neighbor algorithm for the initial detection of network attack types, and the Decision Tree algorithm specializes in detecting specific types of attacks. This improves the detection performance of the system and maintains the usability of an individual classifier.