International Journal of Scientific & Technology Research


IJSTR >> Volume 1 - Issue 11, December 2012 Edition


Website: http://www.ijstr.org

ISSN 2277-8616

Evaluation of Fuzzy K-Means And K-Means Clustering Algorithms In Intrusion Detection Systems




Farhad Soleimanian Gharehchopogh, Neda Jabbari, Zeinab Ghaffari Azar



Index Terms:- Intrusion detection system, k-means, fuzzy k-means, clustering algorithm, Fuzzy IDS



Abstract:- With the growth of Internet technology, there is a need to develop strategies to maintain the security of systems. One of the most effective techniques is the Intrusion Detection System (IDS). This system is intended to provide complete security in a computerized system, so that an intrusion that passes through the firewall, antivirus and other security devices is detected and dealt with. Intrusion detection techniques are divided into two groups: supervised learning and unsupervised learning. Clustering, which is commonly used to detect possible attacks, is one of the branches of unsupervised learning. Fuzzy sets play an important role in reducing spurious alarms and in intrusion detection, which are of uncertain quality. This paper investigates the fuzzy k-means and k-means algorithms for intrusion detection; both algorithms use the clustering method.


