KM-NEU: An Efficient Hybrid Approach for Intrusion Detection System

Abstract

Due to the widespread use of Internet and communication networks, a reliable and secure network plays a crucial role for Information Technology (IT) service providers and users. The hardness of network attacks as well as their complexities has also increased lately. The anomaly-based Intrusion Detection Systems (IDS) are able to detect unknown attacks. Major task of this research is to increase detection rate and accuracy while keeping the false alarm at low rate. To overwhelm this challenge a new hybrid learning approach, KM-NEU is proposed by combination of K-means clustering and Neural Network Multi-Layer Perceptron (MLP) classification. The K-means clustering algorithm is engaged for grouping analogous nodes into k clusters using the similarity measures such as attack and non-attack, whereas the Neural Network Multi-Layer Perceptron classifies the clustered data into detail categories such as R2L, Probing, DoS, U2R and Normal. Performance of this hybrid approach is evaluated with standard knowledge discovery in databases (KDD Cup ’99) dataset. The experimental results confirm that this approach has considerably increased in the detection rate and accuracy and reduce in false alarm rate compared to single neural network classifier.