{"title":"An anomaly-based network intrusion detection system using ensemble clustering","authors":"V. Jackins, D. Punithavathani","doi":"10.1504/IJENM.2018.10015839","DOIUrl":null,"url":null,"abstract":"The numbers of hacking and intrusion incidents are high due to the increasing use of internet services and computer application. Therefore, intrusion detection systems (IDS) are inevitable in today's scenario (Koruba et al., 2017). In this paper, an unsupervised technique based on hybrid clustering algorithms is used for Anomaly detection. Incremental support vector machine (ISVM) and C means (FCM) algorithms are applied to preprocess the data set and detect the anomalies respectively. Further, the processed data is fed to the DBSCAN algorithm for further detection of anomalies. The results of the detection system are communicated to the intrusion prevention system (IPS). The proposed hybrid algorithm is applied for KDD Cup 1999 dataset and Gure Kdd Cup data base (2008) and the results show high detection rates and low false positive alarms. Further, the proposed technique performs well with a real time data in detecting anomalies with enhanced true positive rate.","PeriodicalId":39284,"journal":{"name":"International Journal of Enterprise Network Management","volume":"9 1","pages":"251"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Enterprise Network Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJENM.2018.10015839","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Business, Management and Accounting","Score":null,"Total":0}
Citations: 4
Abstract
The number of hacking and intrusion incidents is high due to the increasing use of internet services and computer applications. Therefore, intrusion detection systems (IDS) are inevitable in today's scenario (Koruba et al., 2017). In this paper, an unsupervised technique based on hybrid clustering algorithms is used for anomaly detection. Incremental support vector machine (ISVM) and C-means (FCM) algorithms are applied to preprocess the data set and detect the anomalies, respectively. Further, the processed data is fed to the DBSCAN algorithm for further detection of anomalies. The results of the detection system are communicated to the intrusion prevention system (IPS). The proposed hybrid algorithm is applied to the KDD Cup 1999 dataset and the Gure KDD Cup database (2008), and the results show high detection rates and low false positive alarms. Further, the proposed technique performs well with real-time data in detecting anomalies with an enhanced true positive rate.