Title: An anomaly-based network intrusion detection system using ensemble clustering

Authors: V. Jackins; D. Shalini Punithavathani

Addresses: Department of Information Technology, National Engineering College, Kovilpatti, Tamil Nadu, 628503, India; Department of Computer Science and Engineering, Government College of Engineering, Tirunelveli, Tamil Nadu, 627007, India

Abstract: The number of hacking and intrusion incidents is high due to the increasing use of internet services and computer applications. Therefore, intrusion detection systems (IDS) are inevitable in today's scenario (Koruba et al., 2017). In this paper, an unsupervised technique based on hybrid clustering algorithms is used for anomaly detection. Incremental support vector machine (ISVM) and C means (FCM) algorithms are applied to preprocess the data set and detect the anomalies, respectively. The processed data is then fed to the DBSCAN algorithm for further detection of anomalies. The results of the detection system are communicated to the intrusion prevention system (IPS). The proposed hybrid algorithm is applied to the KDD Cup 1999 dataset and the Gure Kdd Cup database (2008), and the results show high detection rates and low false positive alarms. Further, the proposed technique performs well with real-time data, detecting anomalies with an enhanced true positive rate.

Keywords: intrusion detection system; IDS; intrusion prevention system; IPS; KDD Cup 1999; Gure Kdd Cup database (2008); anomaly; clustering; network IDS.

DOI: 10.1504/IJENM.2018.094664

International Journal of Enterprise Network Management, 2018 Vol.9 No.3/4, pp.251 - 260

Received: 26 Apr 2017
Accepted: 02 Nov 2017

Published online: 03 Sep 2018
