Hyper clustering model for dynamic network intrusion detection

Generally, the existing Intrusion Detection Systems (IDS) solutions suffer from low detection accuracy for some attack types compared with overall of attacks. The data imbalance technically affects ratio frequent attacks class (e.g. zero-day attack) to more instances. Therefore, IDS-based machine learning algorithms potentially high false-positive rates. To overcome limitation solutions, a hyper-clustering model is proposed dynamic intrusion based on Density-Based Spatial Clustering Applications Noise (DBSCAN) and cosine similarity. solution develops standard DBSCAN by adding new evolving process distance measures between clusters dataset. Moreover, classifier similarity predict labelling abnormal behaviour. experimental results show that outperformed original DBCAN related works. mean silhouette achieves score 0.87 other solutions. Furthermore, reduces square error 0.66 0.13 86.82%, 79.10% 90.03% in general KDDTest+, KDDTest-21 NSL-KDD UNSW-NB15 benchmark datasets, respectively.