Unsupervised feature selection and cluster center initialization based arbitrary shaped clusters for intrusion detection

摘要

The massive growth of data in the network leads to attacks or intrusions. An intrusion detection system detects intrusions from high volume datasets but increases complexities. A network generates a large number of unlabeled data that is free from labeling costs. Unsupervised feature selection handles these data and reduces computational complexities. In this paper, we have proposed a clustering method based on unsupervised feature selection and cluster center initialization for intrusion detection. This method computes initial centers using sets of semi-identical instances, which indicate dense data space and avoid outliers as initial cluster centers. A spatial distance between data points and cluster centers create micro-clusters. Similar micro-clusters merge into a cluster that is an arbitrary shape. The proposed cluster center initialization based clustering method performs better than basic clustering, which takes fewer iterations to form final clusters and provides better accuracy. We simulated a wormhole attack and generated the Wormhole dataset in the mobile ad-hoc network in NS-3. Micro-clustering methods have executed on different network datasets (KDD, CICIDS2017, and Wormhole dataset), which outperformed for new attacks or those contain few samples. Experimental results confirm that the proposed method is suitable for LAN and mobile ad-hoc network, varying data density, and large datasets.