Multi-density clustering algorithm for anomaly detection Using KDD'99 dataset

Abstract

Anomaly detection is currently an important and active research problem in many fields and involved in numerous application. Handle huge amount of data or traffic over the network is most challenge full task in area of Intrusion Detection System to identify the intrusion by analyzing network traffic. So we have required the some efficient technique for analyze the anomaly from network traffic which have good detection rate with less false alarm and it should be also time efficient. Motivation by above, in this paper we present a Multi-density Clustering Algorithm for anomaly detection (MCAD) over huge network traffic (Offline statistical traffic). In this approach we have improved the Birch Clustering [1] index problem with ADWICE (Anomaly detection with fast Incremental Clustering) [2] model using grid index. We have used the Intra cluster distance parameter property which can improve the quality of cluster in respect of outliers by the average intra cluster distance reduction. So in this approach rather than threshold concept at insertion of data point in the cluster we have used the cluster quality indices for insert a data point in the cluster and checked it is being optimized or not. The method is verified by experimental of proposed approach on KDD'99 [3] data set which is standard off line data set. Experimental results illustrate better false alarm detection rate and time efficiency by using proposed MCAD approach. © 2011 Springer-Verlag.