Abstract:
The detection effectiveness of an IDS is characterized by high detection accuracy, a high detection rate and a low false positive rate. Many existing Anomaly-based Intrusion Detection Systems (AIDS) are ineffective and fail to distinguish between normal and abnormal data. This affects the detection accuracy and generates a high false alarm rate. Various clustering techniques have been used in intrusion detection to identify anomalous events. The most important advantage of the clustering method is the ability to find unknown attacks that have not been previously detected. In this paper, a hybrid clustering algorithm based on the combination of the k-Means and Gravitational Search Algorithms (KM-GSA) is designed. In the KM-GSA, the GSA is used to solve the clustering problem by refining the clusters formed by the KM algorithm. The KDD 99 data set, consisting of five traffic classes, was used as the training and testing dataset. The results of the KM-GSA were compared against the results of the KM algorithm and GSA.