Comparative Analysis Of K-Means Data Mining and Outlier Detection Approach for Network-Based Intrusion Detection
International Journal of Computer Science and Information Security (IJCSIS), Vol. 16, No. 4, April 2018
16 pages. Posted: 20 Dec 2019
Date Written: April 4, 2018
New kinds of intrusions cause deviations from the normal behaviour of traffic flows in computer networks every day. This study focused on enhancing the learning capability of an IDS to detect the anomalies present in network traffic flows by comparing the k-means data-mining approach to intrusion detection with the outlier detection approach. The k-means approach uses clustering to group the traffic flow data into normal and abnormal clusters. Outlier detection calculates an outlier score (the neighbourhood outlier factor, NOF) for each flow record, and the value of that score decides whether the flow is normal or abnormal. The two methods were then compared in terms of various performance metrics and the amount of computer resources they consumed. Overall, k-means was more accurate and precise and had a better classification rate than outlier detection for intrusion detection using traffic flows. This will help systems administrators in their choice of IDS.
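To make the two approaches concrete, the following is an added illustration (not the paper's code or data): a 2-means clustering of constructed flow records into a normal and an abnormal cluster, beside a neighbourhood outlier score, with both scored for accuracy and precision. The flow records, the feature choice (packet count, distinct destination ports) and the score (mean distance to the k nearest records, a stand-in for the paper's NOF, whose exact definition the abstract does not give) are all assumptions of this example.

```python
import math

# Constructed flow records: (packet count, distinct destination ports); label 1 = attack.
FLOWS = [(12, 1), (15, 1), (20, 2), (18, 1), (25, 2), (14, 1), (22, 1), (16, 2),
         (300, 2),                          # large download: legitimate but unusual
         (900, 1), (40, 300), (700, 250)]   # flood, port scan, scan plus flood
LABELS = [0] * 9 + [1] * 3

def normalise(rows):
    """Min-max scale each feature so packet counts do not dominate port counts."""
    lo = [min(c) for c in zip(*rows)]
    hi = [max(c) for c in zip(*rows)]
    return [tuple((v - l) / (h - l) for v, l, h in zip(r, lo, hi)) for r in rows]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans_labels(rows, iters=20):
    """2-means: seed with the first record and the record farthest from it, then
    iterate; the smaller cluster is called abnormal (attacks assumed to be rare)."""
    cents = [rows[0], max(rows, key=lambda r: dist(r, rows[0]))]
    for _ in range(iters):
        assign = [0 if dist(r, cents[0]) <= dist(r, cents[1]) else 1 for r in rows]
        new = []
        for c in (0, 1):
            members = [r for r, a in zip(rows, assign) if a == c] or [cents[c]]
            new.append(tuple(sum(col) / len(members) for col in zip(*members)))
        if new == cents:        # centroids unchanged: converged
            break
        cents = new
    abnormal = 1 if assign.count(1) < assign.count(0) else 0
    return [1 if a == abnormal else 0 for a in assign]

def outlier_labels(rows, k=3, factor=3.0):
    """Score = mean distance to the k nearest other records; a record whose score
    exceeds factor x the median score is abnormal (stand-in for the NOF)."""
    scores = []
    for i, r in enumerate(rows):
        near = sorted(dist(r, o) for j, o in enumerate(rows) if j != i)[:k]
        scores.append(sum(near) / k)
    median = sorted(scores)[len(scores) // 2]
    return [1 if s > factor * median else 0 for s in scores]

def evaluate(pred, truth):
    tp = sum(p == 1 and t == 1 for p, t in zip(pred, truth))
    fp = sum(p == 1 and t == 0 for p, t in zip(pred, truth))
    acc = sum(p == t for p, t in zip(pred, truth)) / len(truth)
    return {"accuracy": acc, "precision": tp / (tp + fp) if tp + fp else 0.0}

if __name__ == "__main__":
    data = normalise(FLOWS)
    for name, fn in (("k-means", kmeans_labels), ("outlier", outlier_labels)):
        print(name, evaluate(fn(data), LABELS))
```

On this constructed input the distance-based score flags the large download as abnormal (a false positive) while the clustering does not; with real flow data the outcome depends on the feature set, the scaling and the threshold chosen.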