Anomaly Detection Based on K-Means and Rough ...

Anomaly Detection Based on K-Means and Rough K-Means

Author Name : Dr. A. Suresh Rao

ABSTRACT

In computer networks many types of security methods like access control, encryption and firewalls are used but network breaches increases day by day. Many current Network Intrusion Detection Systems (NIDS) are rule-based systems, which are very difficult in encoding rules, and cannot detect novel intrusions. Intrusion Detection Systems help information systems prepare for, and deal with attacks. The main objective of this anomaly detection technique is determining the anomalous and normal data by clustering all data respectively using the k-means clustering algorithm. K-means clustering is a method of vector quantization originally from signal processing that is popular for cluster analysis in data mining. K-means clustering aims to partition n observations into k clusters .The k-means clustering algorithm is used to detect intrusions by clustering the normal network connections data to collect the most of intrusions together in one or more clusters. The approach is evaluated over the knowledge discovery and data mining (kdd’99) dataset. The results show that the k-means clustering algorithm achieves detection rates and false positive rates better than the existing system.