An Efficient Hybrid Clustering-PSO Algorithm for Anomaly Intrusion Detection

Generally speaking, in anomaly intrusion detection, modeling the normal behavior of activities performed by a user or a program is an important issue. Currently most machine-learning algorithms which are widely used to establish user’s normal behaviors need labeled data for training first, so they are computational expensive and sometimes misled by artificial data. This study proposes a PSO-based optimized clustering method IDCPSO for modeling the normal patterns of a user’s activities which combines an unsupervised clustering algorithm with the PSO technique, PSO algorithm is used to optimize the clustering results and obtain the optimal detection result. IDCPSO needs unlabeled data for training and automatically establishes clusters so as to detect intruders by labeling normal and abnormal groups. The famous KDD Cup 1999 dataset is used to evaluate the proposed system. In addition, we compare the performance of PSO optimization process with GA.