G-Means: A clustering algorithm for intrusion detection

Abstract

Coupled with the explosion of number of the network-oriented applications, intrusion detection as an increasingly popular area is attracting more and more research efforts, especially in anomaly intrusion detection area. Literature shows clustering techniques, like K-means, are very useful methods for the intrusion detection but suffer several major shortcomings, for example the value of K of K-means is particularly unknown, which has great influence on detection ability. In this paper, a heuristic clustering algorithm called G-means is presented for intrusion detection, which is based on density-based clustering and K-means and overcomes the shortcomings of K-means. The results of experiments show that G-means is an effective method for the intrusion detection with the high Detection Rate and the low False Positive Rate, as it can reveal the number of clusters in the dataset and initialize reasonably the cluster centroids, which makes G-means accelerate the convergence and obtain preferable performance than K-means. © 2009 Springer Berlin Heidelberg.