Today in the age of computers and internet, identity theft, data theft, privacy and confidentiality infringement are some of the major issues faced by organizations as well as individuals. Network and System Security can be provided with the help of firewalls and Intrusion Detection Systems. An Intrusion Detection System (IDS) investigates all incoming and outgoing network traffic to identify malicious behavior that may pose a threat to the confidentiality, integrity or availability of a network or a system. IDS can be signature-detection (misuse) based or anomaly detection based. Misuse detection technique can be used to detect only known attacks whereas anomaly detection can be used to detect novel attacks (Unknown Attacks).This paper focuses on Hybrid Intrusion Detection System which combines both Misuse and Anomaly Detection modules. Various data mining techniques have been developed and implemented to be used with Intrusion Detection Systems. We use K-Means Clustering Algorithm to cluster and classify the incoming data into normal and anomalous connections. Clustering is an unsupervised learning technique for finding patterns in collection of unsupervised data. Prototype testing shows that K-Means algorithm can be successfully used to detect unknown attacks in real live data.

K-Means, Intrusion Detection system, Data Mining, Clustering

[1] M. Jianliang, S. Haikun and B. Ling, "The Application on Intrusion Detection Based on K-means Cluster Algorithm," Information Technology and Applications, 2009. IFITA '09. International Forum on, Chengdu, 2009, pp. 150-152. Doi: 10.1109/IFITA.2009.34
[2] Ms. Urvashi Modi, Prof. Anurag Jain. A survey of IDS classification using KDD CUP 99 dataset in WEKA, International Journal of Scientific & Engineering Research, Volume 6, Issue 11, November-2015
[3] L.Dhanabal, Dr. S.P. Shantharajah. A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms. International Journal of Advanced Research in Computer and Communication Engineering Vol. 4, Issue 6, June 2015
[4] N. T. Tran, S. Tomiyama, S. Kittitornkun and Tran Huy Vu, "TCP reassembly for signature-based Network Intrusion Detection systems," EEE, Computer, Telecommunications and Information Technology (ECTI-CON), 2012 9th International Conference on, Phetchaburi, 2012, pp. 1-4. doi: 10.1109/ECTICon.2012.6254336.
[5] Monowar Hussain Bhuyan, D K Bhattacharyya and J K Kalita. Survey on Incremental Approaches for Network Anomaly Detection. International Journal of Communication Networks and Information Security (IJCNIS) Vol. 3, No. 3, December 2011
[6] Sachin Baghel, Prof. Anurag Jain, Dr. J. L. Rana. A Review of Various Intrusion Detection Techniques on KDD Cup99 Dataset. International Journal of Emerging Technology and Advanced Engineering Volume 5, Issue 8, August 2015
[7] Nguyen Ha Duong, Hoang Dang Hai. A Model for Network TrafficAnomaly Detection. ICACT Transactions on Advanced Communications Technology (TACT) Vol. 4, Issue 4, July 2015.
[8] H. Günes Kayacık, A. Nur Zincir-Heywood, Malcolm I. Heywood. Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets. DOI: 17.01.16
https://web.cs.dal.ca/~zincir/bildiri/pst05-gnm.pdf