tailieunhanh - The impact of distance metrics on K-means clustering algorithm using in network intrusion detection data

This paper aimed to evaluate the impact of Euclidean and Manhattan distance metrics on Kmeans algorithm using for clustering KDD cup99 intrusion detection data. Experimental results indicate that Manhattan distance metric performs better in terms of performance evaluation metrics than Euclidean distance metric. | International Journal of Computer Networks and Communications Security VOL. 3, NO. 5, MAY 2015, 225–228 Available online at: E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print) The Impact of Distance Metrics on K-means Clustering Algorithm Using in Network Intrusion Detection Data HADI NASOOTI1, MARZIEH AHMADZADEH2, MANIJEH KESHTGARY3 and S. VAHID FARRAHI4 1, 2, 3, 4 Shiraz University of Technology, Department of Computer Engineering and IT, Shiraz, Iran E-mail: , 2ahmadzadeh@ ABSTRACT A Network Intrusion Detection System (NIDS) can detect suspicious activities that aimed to harm the network. Since, NIDS help us to keep the networks safer many researchers are motivated to propose more accurate NIDS. K-means clustering algorithm is a distance-based algorithm which widely used in IDS research area. This paper aimed to evaluate the impact of Euclidean and Manhattan distance metrics on Kmeans algorithm using for clustering KDD cup99 intrusion detection data. Experimental results indicate that Manhattan distance metric performs better in terms of performance evaluation metrics than Euclidean distance metric. Keywords: K-means Clustering, Network Intrusion Detection, Euclidean Distance, Manhattan Distance, Data Mining. 1 INTRODUCTION In computer security a threat is a possible danger that might use the system vulnerabilities in order to harm the system. An Intrusion Detection System (IDS) can detect suspicious activities that aimed to harm the network. So, an IDS can help network administrators and organizations to keep their networks safer. Up to now, the researchers are motivated in network and information security research area [1] because computer networks have many vulnerabilities and IDS can protect them from intruders. IDS can be classified into two major categories [2, 3]: Misuse-based Intrusion Detection System (MIDS) and Anomaly-based Intrusion Detection System (AIDS). The major difference between these two .

• Kỹ thuật lập trình
• International Journal of Computer Networks and Communications Security
• Distance metrics on K means clustering algorithm
• Network intrusion detection data
• Performance evaluation metrics
• Euclidean distance metric