Evolving Dynamic Fuzzy Clustering (EDFC) to Enhance DRDoS_DNS Attacks Detection Mechnism

Abstract

Distinguishing between network traffic activity, intrusion, and normal bahavour is very difficult and very time-consuming. An analyst has to review all the large and wide data to find the order of intrusion in the networkconnection. Therefore, a method that can detect network intrusion and reflect the current network traffic is required.In this paper, a new EDFC model (Evolving Dynamic Fuzzy clustering) algorithm is generated to improve and enhancethe detection mechanism. The proposed model contains two parts: the cluster part and evolving part. This paper's mainobjective is to design and implement a novel and data density-based clustering scheme that provides high systemperformance and persistent grouping of data with high similarity and performance on big data for efficient machinelearning. Compared to previous techniques, the suggested model's performance with several standard datasets such asthe UNSW-NB15 dataset, KDD99 dataset, and NSLKDD dataset indicates a higher silhouette coefficient. In theEDFC model two metrics have been used to verify the quality of clusters, and these are the silhouette coefficient andthe number of clusters. The EDFC model has achieved a high silhouette coefficient, and a low number of clusterscompare to other models. Our focus is to enhance the detection mechanism for the DRDoS_DNS attacks. Therefore,The EDFC model has been implemented on the standard CICDDoS2019 dataset which contains DRDoS_DNS attacksand achieved a silhouette coefficient of 0.76 and a number of cluster 13