Abstract

The most daunting and challenging task in intrusion detection is to distinguishing between normal and malicious traffics effectively. In order to complete such a task, the biological danger theory has appeared to be one of the most appealing immunological models which has been converted to a computer science algorithm, named as Dendritic Cell Algorithm (DCA). To perform a binary classification, the DCA goes through four phases, preprocessing, detection, context assessment and classification. In particular, the context assessment phase is performed by comparing the signal concentration values between mature (i.e., abnormality) and semi-mature (i.e., normality) contexts. The conventional DCA requires a crisp separation between semi-mature and mature cumulative context values. This can be hard if the difference between the two contexts is marginal, which negatively affects the classification accuracy. In addition, it is technically difficult to quantify the actual meaning of semi-mature and mature in the DCA. This paper proposes an approach that integrates the K-Means clustering algorithm to the DCA to map the DCA cumulative semi-mature and mature context values into semi-mature (normal) and mature (anomaly) clusters in order to improve the classification accuracy. The KDD99 data set was utilized in this work for system validation and evaluation, and the experimental results revealed an improvement in the classification accuracy by the proposed approach.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.