Intrusion detection systems (IDS) effectively complement other security mechanisms by detecting malicious activities on a computer or network, and their development is evolving at an extraordinary rate. The anomaly-based IDS, which uses learning algorithms, allows detection of unknown attacks. Unfortunately, the major challenge of this approach is to minimize false alarms while maximizing detection and accuracy rates. To overcome this problem, we propose a hybrid learning approach through the combination of K-Means clustering and Naïve Bayes classification. K-Means clustering is used to cluster all data into the corresponding group based on data behavior, i.e. malicious and non-malicious, while the Naïve Bayes classifier is used to classify clustered data into correct categories, i.e. R2L, U2R, Probe, DoS and Normal. Experiments have been carried out to evaluate the performance of the proposed approach using KDD Cup ’99 dataset. The results showed that our proposed approach significantly improves the accuracy, detection rate up to 99.6% and 99.8%, respectively, while decreasing false alarms to 0.5%.
K-Means Clustering and Naive Bayes Classification for Intrusion Detection
