Anomaly based Intrusion Detection using Modified Fuzzy Clustering

Authors

  • B. S. Harish
  • S. V. Aruna Kumar
Abstract

Computer security has become an increasingly vital field in computer science in response to the proliferation of private sensitive information. The term “Intrusion” refers to any unauthorized access which attempts to compromise confidentiality, integrity and availability of information resources [1] [14] [32]. Traditional intrusion prevention techniques such as firewalls, access control and encryption have failed to fully protect systems from sophisticated attacks. As a result, the Intrusion Detection System has become an indispensable component of computer security, used to detect the aforementioned threats. In 1987, Denning [7] first proposed an intrusion detection model. Since then many researchers have focused on developing efficient and accurate Intrusion Detection System (IDS) models. Intrusion detection techniques fall under two types: Misuse or Signature Based methods and Anomaly Based methods. Signature based methods detect only known intrusion attacks whose signatures are stored in the database. These methods fail to detect unknown intrusions. On the other hand, anomaly based methods detect the attacks based on the signature deviation. In the early days, intrusion detection was done using rule based approaches, where experts define a set of rules for normal and abnormal conditions. These systems work better for known attacks but fail to detect unknown attacks. In the later 1990s, researchers concentrated on developing automatic intrusion detection methods. Many researchers used data mining and machine learning algorithms to detect unknown attacks. Among various intrusion detection techniques, Fuzzy Logic based methods play a very important role. The literature review shows that clustering methods are widely used approaches in intrusion detection systems. Jianliang et al., [13] developed an intrusion detection system using the K-means clustering algorithm. The experimentation was carried out on the standard KDD-99 dataset.
Cluster to class mapping, No class and Class Dominance are the key problems in K-means clustering. To overcome these drawbacks, Bharti et al., [4] developed two variants of the traditional K-means algorithm. Ren et al., [23] developed a Fuzzy C-Means (FCM) algorithm to detect intrusions. The intrusion detection model was built by carrying out fuzzy partition and clustering of data. The experimental result shows that the algorithm can effectively separate normal and abnormal data. To overcome the cluster centre initialization and convergence problems of FCM, Wang et al., [29] proposed a hybrid algorithm for intrusion detection systems. This hybrid method combines FCM with Quantum-behaved Particle Swarm Optimization. The Particle Swarm Optimization algorithm is used to overcome the drawback of FCM and to achieve global optimization and fast convergence. Guorui et al., [10] developed a semi-supervised Fuzzy C-Means clustering algorithm for intrusion detection. This method overcomes the drawbacks of FCM, i.e., sensitivity to the initial values and convergence to local minima, by using a few labelled data to improve the learning ability of the Fuzzy C-Means. Sampat and Sonawani [25] developed an intrusion detection system using Improved Dynamic Fuzzy C-Means (IDFCM) clustering. The IDFCM is a variant of the traditional FCM which adaptively updates the cluster centres. The experimental result shows that IDFCM gives a better detection accuracy rate than traditional FCM. Hameed et al., [11] developed a hybrid clustering algorithm for intrusion detection. This hybrid algorithm combines Modified Fuzzy Possibilistic C-Means (MFPCM) and symbolic fuzzy clustering. This method uses 30 features with optimal sensitivity and highest discriminatory power. Ganapathy et al., [9] proposed an intrusion detection system based on Weighted FCM and Immune Genetic Algorithm (GA). The Weighted FCM is a modification of FCM which builds a system for more accurate

DOI: 10.9781/ijimai.2017.05.002

Similar resources

A Cloud Intrusion Detection System Using Novel PRFCM Clustering and KNN Based Dempster-Shafer Rule

Cloud computing has established a new horizon in the field of Information Technology. Due to the large number of users and extensive utilization, the Cloud computing paradigm attracts intruders who exploit its vulnerabilities. To secure the Cloud environment from such intruders an Intrusion Detection System (IDS) is required. In this paper the authors have proposed an anomaly based IDS which cl...

A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System

In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use a boosting ensemble of weak classifiers to implement the misuse intrusion detection system. It can identify new classes of intrusions that do not exist in the training dataset for incremental misuse detection. As...

Neuro-fuzzy Based Clustering of Intrusion Detection in Combined Network

The partition based k-means cluster used to group anomaly traffic data aggregates, form the cluster with distance measure as the parameter of normal and anomaly clusters. However frequent variation on the data propagation change the value of the traffic data packets influenced by scrupulous nodes polluting the normal data packets. The dynamic and frequent changes of the propagation data, genera...

A Hybrid Approach of Fuzzy C-mean Clustering and Genetic Algorithm (GA) to Improve Intrusion Detection Rate

This paper describes a hybrid approach of Fuzzy C-means clustering and Genetic Algorithm (GA) that provides better accuracy and increases the intrusion detection rate. This approach provides better accuracy of detection as compared to K-means and FCM Clustering. With this proposed approach the intrusion detection rate is improved considerably. A brief overview of a hybrid approach of genet...

A Rough-Fuzzy Hybrid Algorithm for Computer Intrusion Detection

In this paper, we propose an intrusion detection method that combines rough sets theory and fuzzy c-means for anomaly detection. The first step consists of attribute selection which is based on rough set theory for each of the 5 classes of intrusions in the Defense Advanced Research Projects Agency (DARPA) data is identified. The next phase is clustering by using fuzzy c-means; we are using rou...

Journal title:
  • IJIMAI

Volume 4  Issue 

Pages  -

Publication date 2017