An Enhanced approach of the K-means clustering for Anomaly-based intrusion detection systems*
Authors: Meriem Kherbache, D. Espès, Kamal Amroun
Published in: 2021 International Conference on Computing, Computational Modelling and Applications (ICCMA), 2021-07-01
DOI: 10.1109/ICCMA53594.2021.00021 (https://doi.org/10.1109/ICCMA53594.2021.00021)
The development of an anomaly-based Intrusion Detection System (IDS) is of primary importance in networks because it reinforces security. Unlike supervised methods, unsupervised methods are not widely used, although they are fast and efficient. In this paper, we propose an unsupervised approach based on the K-means method to show the efficacy of these models over the supervised methods. The proposed model improves the K-means method by using the Calinski-Harabasz indicator to find the appropriate number of clusters required for clustering by computing the intra-cluster to inter-cluster ratio. Above all, the proposed model is applied to two datasets, the well-known NSL-KDD and the newest CICIDS2017. The experimental results show that the proposed model largely outperforms the traditional K-means method. Additionally, it is also very efficient in both detection and time consumption compared to the SVM classifier, which is a supervised classifier.