NIDS For Unsupervised Authentication Records of KDD Dataset in MATLAB

Most anomaly based NIDS employ supervised algorithms, whose performances highly depend on attack-free training data. Moreover, with changing network environment or services, patterns of normal traffic will be changed. In this paper, we developed intrusion detection system is to analyses the authentication records and separate UNFEIGNED and fraudulent authentication attempts for each user account in the system. Intrusions are detected by determining outliers related to the built patterns. We present the modification on the outlier detection algorithm. It is important problems to increase the detection rates and reduce false positive rates in Intrusion Detection System. Although preventative techniques such as access control and authentication attempt to prevent intruders, these can fail, and as a second line of defense, intrusion detection has been introduced. Rare events are events that occur very infrequently, detection of rare events is a common problem in many domains. Support Vector Machines (SVM) as a classical pattern recognition tool have been widely used for intrusion detection. However, conventional SVM methods do not concern different characteristics of features in building an intrusion detection system. Also evaluate the performance of K-Means algorithm by the detection rate and the false positive rate. All result evaluate with the new model of KDD dataset. Result generates in ROC Curves and compared both result of K-Means and SVM in Matlab. KeywordsAnomaly detection; Intrusion Detection; Expectation Maximization; MATLAB; UNSOUND authentication; UNFEIGNED; reduce false.