The Combined Approach for Anomaly Detection Using Neural Networks and Clustering Techniques

Abstract

Nowadays detection of new threats has become a necessity for secured communication to provide absolute data confidentiality, integrity and availability. Designand development of such an intrusion detection system in the communication world, should not only be new, accurate and fast but also effective in a n environment encompassing the surrounding network. In this paper, anew approach is proposed for network anomaly detection by combining neural network and clustering algorithms. We propose modified Self Organizing Map algorithms which initially starts with null network and grows with the original data space as initial weight vector, updating neighbourhood rules and learning rate dynamically in order to overcome the fixed architecture and random weight vector assignmentof simple SOM. New nodes are created using distance threshold parameter and their neighbourhood is identified using connection strength and its learning rule and the weight vector updation iscarried out for neighbourhood nodes. The k-means clustering algorithm is employed for groupingsimilar nodes of Modified SOM into k clusters using similarity measures. Performance of the new approach is evaluated with standard bench mark dataset. The new approach is evaluatedusing performance metrics such asdetection rate and false alarm rate. The result is compared with other individual neural network methods, which shows considerable increase in the detection rate and 2% false alarm rate.