{"title":"An Enhanced approach of the K-means clustering for Anomaly-based intrusion detection systems*","authors":"Meriem Kherbache, D. Espès, Kamal Amroun","doi":"10.1109/ICCMA53594.2021.00021","DOIUrl":null,"url":null,"abstract":"The development of an anomaly-based Intrusion Detection System (IDS) is of primary importance in networks because it reinforces security. Unlike supervised methods, unsupervised methods are not widely used although they are fast and efficient. In this paper, we propose an unsupervised approach based on the K-means method to show the efficacy of these models over the supervised methods. The proposed model improves the K-means method using the Caliniski Harabasz indicator to find the appropriate number of clusters required for clustering by computing the intra-cluster to inter-cluster ratio. Above all, the proposed model is applied to two datasets, the well-known NSL-KDD and the newest CICIDS2017. The experimental results show that the proposed model exceeds largely the traditional K-means method. Additionally, it is also very efficient both in detection and time consuming compared to the SVM classifier that is a supervised classifier.","PeriodicalId":131082,"journal":{"name":"2021 International Conference on Computing, Computational Modelling and Applications (ICCMA)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Computing, Computational Modelling and Applications (ICCMA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCMA53594.2021.00021","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The development of an anomaly-based Intrusion Detection System (IDS) is of primary importance in networks because it reinforces security. Unlike supervised methods, unsupervised methods are not widely used, although they are fast and efficient. In this paper, we propose an unsupervised approach based on the K-means method to show the efficacy of these models over supervised methods. The proposed model improves the K-means method by using the Calinski-Harabasz indicator to find the appropriate number of clusters, computing the intra-cluster to inter-cluster ratio. The proposed model is applied to two datasets, the well-known NSL-KDD and the newest CICIDS2017. The experimental results show that the proposed model largely outperforms the traditional K-means method. Additionally, it is very efficient in both detection and time consumption compared to the SVM classifier, which is a supervised classifier.