A hybrid clustering approach for network intrusion detection using cobweb and FFT

Abstract

With the proliferation of Internet computers are being exposed to malicious attacks. Network intrusions have become a growing concern. This has necessitated research to detect such unauthorized attempts of intruders and to devise appropriate techniques to deal with them in a timely manner. Traditional data mining techniques for intrusion detection can only detect known intrusions as they classify instances of intrusions based on what they have learned. They rarely detect attempts for intrusion which have not been encountered before. This paper investigates a hybrid clustering based filtering approach for high dimensional data clustering in detecting anomaly based network intrusions. A hierarchical conceptual clustering algorithm (COBWEB) has been used for data filtering and Farthest First Traversal (FFT) clustering technique for classification of rare attacks. We use KDDCupl999 benchmark intrusion dataset for our experimentation. The results show that the proposed approach is quite effective in comparison to their individual counterparts in detecting network intrusions, especially that come under U2R and R2L rare attacks category.