Abstract
The massive growth of data in the network leads to attacks or intrusions.
An intrusion detection system detects intrusions from high volume datasets
but increases complexities. A network generates a large number of unlabeled
data that is free from labeling costs. Unsupervised feature selection handles
these data and reduces computational complexities. In this paper, we have
proposed a clustering method based on unsupervised feature selection and
cluster center initialization for intrusion detection. This method computes
initial centers using sets of semi-identical instances, which indicate dense data
space and avoid outliers as initial cluster centers. A spatial distance between
data points and cluster centers create micro-clusters. Similar micro-clusters
merge into a cluster that is an arbitrary shape. The proposed cluster center
initialization based clustering method performs better than basic clustering,
which takes fewer iterations to form final clusters and provides better accuracy.
We simulated a wormhole attack and generated the Wormhole dataset
in the mobile ad-hoc network in NS-3. This work has executed on different
network datasets (KDD, CICIDS2017, and Wormhole dataset), which
outperformed for new attacks or those attacks contain few samples. Experimental
results confirm that the proposed method is suitable for LAN and
mobile ad-hoc network, varying data density, and large datasets.
An intrusion detection system detects intrusions from high volume datasets
but increases complexities. A network generates a large number of unlabeled
data that is free from labeling costs. Unsupervised feature selection handles
these data and reduces computational complexities. In this paper, we have
proposed a clustering method based on unsupervised feature selection and
cluster center initialization for intrusion detection. This method computes
initial centers using sets of semi-identical instances, which indicate dense data
space and avoid outliers as initial cluster centers. A spatial distance between
data points and cluster centers create micro-clusters. Similar micro-clusters
merge into a cluster that is an arbitrary shape. The proposed cluster center
initialization based clustering method performs better than basic clustering,
which takes fewer iterations to form final clusters and provides better accuracy.
We simulated a wormhole attack and generated the Wormhole dataset
in the mobile ad-hoc network in NS-3. This work has executed on different
network datasets (KDD, CICIDS2017, and Wormhole dataset), which
outperformed for new attacks or those attacks contain few samples. Experimental
results confirm that the proposed method is suitable for LAN and
mobile ad-hoc network, varying data density, and large datasets.
Original language | English |
---|---|
Article number | 102062 |
Journal | Computers and Security |
Volume | 99 |
Early online date | 24 Sept 2020 |
DOIs | |
Publication status | Published - 31 Dec 2020 |
Keywords
- unsupervised intrusion detection
- unsupervised feature selection
- cluster center initialization
- clustering
- mobile ad-hoc network
- wormhole attack