A cluster number specification-free algorithm in networks intrusion detection

With the crucial problem of specifying cluster number in clustering algorithm, a cluster number specification-free algorithm, F-CMSVM, is proposed in this paper. Firstly, the data set is classified into two clusters by Fuzzy C-means algorithm (FCM). Then the result is tested by Support Vector Machine (SVM) associated with a fuzzy membership function to confirm whether the data set could be classified. Finally, the process is repeated and the clustering result can be obtained. With this unsupervised algorithm, not only does the training data set need no labeling, but also the cluster number needs no specifying. Experiments over networks connection records from KDD CUP 1999 data set were implemented to evaluate the proposed method. To obtain an appropriate training data set and overcome the low efficiency in processing the high dimensional data set, a cross method and a feature selection algorithm based on mutual information were applied respectively in experiments. The result clearly shows the outstanding performance of the proposed method in decision of cluster number and effect of intrusion detection.