A clustering based algorithm for network intrusion detection

Abstract

The secure information transmission is very important in the present scenario. Many intrusion detection system (IDS) have been developed in recent past which are based on either signature information or anomaly information. But all these systems do generate a lot of false detections. In this work a hybrid IDS is being proposed which uses the signature and anomaly information together. The proposed algorithm first explore those traffic features which are changing during an intrusion activity and then based on a predefined threshold value the most prominent features related to attack are identified. Thereafter, these features are included in snort rule set to detect the anomalous traffic. This anomaly detection process is combined with existing signature of snort to produce the better detection. The proposed detection algorithm has been implemented on KDDcup99 dataset. It is observed through experimental results that the proposed algorithm efficiently detect the intrusion activity in the given network.