An Anomaly based method for implementing Intrusion Detection Systems is described which uses a Novel PRFCM Clustering and KNN based Dempster-Shafer Rule. The PRFCM Clustering is a modification to the existing FCM Clustering Algortihm. Pre-Processed NSL-KDD dataset was used to get the results. The results are evaluated and compared with original FCM algortihm in the paper.
The FCM algorithm is very sensitive to noise and is easily struck at local optima. In order to overcome this limitation, spatial context of connection is taken into account considering its neighboring connections. A Penalty Reward based FCM algorithm is implemented here which can handle small as well as large amount of noise by adjusting a penalty and reward coefficient. The algorithm takes into account both the feature information and spatial information. The objective function is modified to incorporate the penalty and reward term by which it can overcome the local optima. The new objective function of the PRFCM algorithm is defined as follows:
- Clone this repository
- Download the data from this link
- Make sure you have Java installed
- To run the PRFCM clustering compile and execute
IntrusionDetectionSystem.java
file - To run the FCM clustering compile and execute
FCM.java
file - (Optional) In order to re-create the auxillary files use the
NearestNeighbour.java
file
The experiments are performed on NSL-KDD Train and Test Dataset. These dataset were pre-processed and normalized before use. It can be obtained from the following source.
The following results show the performance of PRFCM clustering over FCM clustering algorithm
- Partha Ghosh
- Shivam Shakti
- Santanu Phadikar
This paper was published in International Journal of Cloud Applications and Computing
Volume 6 • Issue 4 • October-December 2016