Abstract
In the present world, it is difficult to realize any computing application working on a standalone computing device without connecting it to the network. A large amount of data is transferred over the network from one device to another. As networking expands, security is becoming a major concern. Therefore, it has become important to maintain a high level of security to ensure that a safe and secure connection is established among the devices. An intrusion detection system (IDS) is therefore used to differentiate between legitimate and illegitimate activities on the system. Different techniques are used for detecting intrusions in an intrusion detection system. This paper presents the different clustering techniques that have been implemented by different researchers in their relevant articles. This survey was carried out on 30 papers, and it presents which datasets were used by different researchers and which evaluation metrics were used to evaluate the performance of IDS. This paper also highlights the pros and cons of each clustering technique used for IDS, which can be used as a basis for future work.
Highlights
Due to the increasing growth of computer network usage, network security is becoming an important issue
The approach was used on the KDD99 dataset with 10-fold cross-validation, and the result showed that triangle area based nearest neighbor (TANN) can effectively detect intrusions with high accuracy and detection rates as compared to support vector machines, k-NN, and the hybrid K-means and k-NN classifier
The intrusion detection system is a way of analyzing the network traffic so that unwanted packets or any malicious activities on the system are detected and prevented
Summary
Due to the increasing growth of computer network usage, network security is becoming an important issue. There are many data mining techniques available for detecting network intrusions. Different supervised techniques have been used to detect intrusions. This approach depends on labeled data and requires the system to be trained on known data. The problem with this type of technique is its high dependency on training data and its inability to detect any new type of attack. To overcome this limitation of the supervised technique, an unsupervised approach can be used for intrusion detection, which can work on unlabeled data. The first assumption is that the number of normal connections is larger than the number of abnormal connections, and the second assumption is that the features of abnormal network traffic differ from those of normal traffic. Based on these assumptions, many clustering techniques can be used for detecting intrusions and attacks, such as hierarchical, partitional, grid-based, and density-based clustering techniques.
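The two assumptions behind unsupervised, clustering-based intrusion detection can be made concrete with a small worked example. The following Python code is an added illustration written for this summary, not code from the surveyed papers or from any of the IDS implementations they describe. It uses a constructed set of connection records (duration, bytes sent, bytes received, failed logins), a plain partitional k-means with a deterministic farthest-first seeding, and then flags every record that lands in a cluster holding less than a chosen fraction of all records (assumption 1: normal connections dominate); the abnormal records are separable only because their feature values differ markedly from normal traffic (assumption 2). The feature set, the sample values, the value of k and the 20% small-cluster threshold are all assumptions made for the example.

```python
import math

# Constructed sample of connection records (not taken from KDD99 or any real capture):
# (duration_s, bytes_sent, bytes_received, failed_logins)
CONNECTIONS = [
    (1.2, 310, 1800, 0), (0.8, 280, 1500, 0), (2.5, 420, 2200, 0), (1.9, 350, 1950, 0),
    (3.1, 510, 2450, 0), (1.0, 300, 1700, 0), (2.2, 390, 2100, 0), (1.5, 330, 1850, 0),
    (2.8, 470, 2300, 0), (0.9, 290, 1600, 0), (1.7, 340, 1900, 0), (2.0, 360, 2000, 0),
    (2.4, 400, 2150, 0), (1.3, 320, 1750, 0), (2.9, 480, 2400, 0), (1.1, 305, 1650, 0),
    # Constructed brute-force-like records: short sessions with many failed logins.
    (2.1, 330, 420, 25), (2.3, 345, 410, 30),
    # Constructed exfiltration-like record: one long session sending far more than it receives.
    (120.0, 900000, 500, 0),
]


def min_max_scale(rows):
    """Scale every feature to [0, 1] so that raw byte counts do not dominate the distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [
        tuple((v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(row, lo, hi))
        for row in rows
    ]


def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def farthest_first_centroids(points, k):
    """Deterministic seeding: start at the first point, then repeatedly pick the point
    farthest from its nearest already-chosen centroid (Gonzalez's heuristic)."""
    centroids = [points[0]]
    while len(centroids) < k:
        nxt = max(points, key=lambda p: min(distance(p, c) for c in centroids))
        centroids.append(nxt)
    return centroids


def kmeans(points, k, max_iter=100):
    """Plain Lloyd's k-means; returns the cluster label of every point."""
    centroids = farthest_first_centroids(points, k)
    labels = [0] * len(points)
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda j: distance(p, centroids[j])) for p in points]
        if new_labels == labels:
            break  # assignments stable, converged
        labels = new_labels
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            if members:
                centroids[j] = tuple(sum(col) / len(members) for col in zip(*members))
    return labels


def detect_anomalies(rows, k=3, small_cluster_fraction=0.2):
    """Cluster the scaled records and flag those in clusters that hold fewer than
    small_cluster_fraction of all records. Returns (flagged_indices, cluster_sizes)."""
    labels = kmeans(min_max_scale(rows), k)
    sizes = {j: labels.count(j) for j in range(k)}
    small = {j for j, n in sizes.items() if n / len(rows) < small_cluster_fraction}
    flagged = [i for i, l in enumerate(labels) if l in small]
    return flagged, sizes


if __name__ == "__main__":
    flagged, sizes = detect_anomalies(CONNECTIONS)
    print("cluster sizes:", sizes)
    for i in flagged:
        print("suspicious record", i, CONNECTIONS[i])
```

On this sample the sixteen ordinary connections form one large cluster, the two failed-login records form a second, and the long high-volume session forms a third, so the three constructed anomalies are the ones flagged. The same code also shows the main weakness discussed in the surveyed work: if an attack produces many similar connections (a flood), its cluster can grow past the threshold and be taken for normal traffic, so the threshold and k need tuning against the traffic being monitored.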