Unsupervised feature selection and cluster center initialization based arbitrary shaped clusters for intrusion detection

Mahendra Prasad*, Sachin Tripathi, Keshav Dahal

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

31 Citations (Scopus)
86 Downloads (Pure)

Abstract

The massive growth of data in the network leads to attacks or intrusions.
An intrusion detection system detects intrusions from high volume datasets
but increases complexities. A network generates a large number of unlabeled
data that is free from labeling costs. Unsupervised feature selection handles
these data and reduces computational complexities. In this paper, we have
proposed a clustering method based on unsupervised feature selection and
cluster center initialization for intrusion detection. This method computes
initial centers using sets of semi-identical instances, which indicate dense data
space and avoid outliers as initial cluster centers. A spatial distance between
data points and cluster centers create micro-clusters. Similar micro-clusters
merge into a cluster that is an arbitrary shape. The proposed cluster center
initialization based clustering method performs better than basic clustering,
which takes fewer iterations to form final clusters and provides better accuracy.
We simulated a wormhole attack and generated the Wormhole dataset
in the mobile ad-hoc network in NS-3. This work has executed on different
network datasets (KDD, CICIDS2017, and Wormhole dataset), which
outperformed for new attacks or those attacks contain few samples. Experimental
results confirm that the proposed method is suitable for LAN and
mobile ad-hoc network, varying data density, and large datasets.
Original languageEnglish
Article number102062
JournalComputers and Security
Volume99
Early online date24 Sept 2020
DOIs
Publication statusPublished - 31 Dec 2020

Keywords

  • unsupervised intrusion detection
  • unsupervised feature selection
  • cluster center initialization
  • clustering
  • mobile ad-hoc network
  • wormhole attack

Fingerprint

Dive into the research topics of 'Unsupervised feature selection and cluster center initialization based arbitrary shaped clusters for intrusion detection'. Together they form a unique fingerprint.

Cite this