An Intrusion Detection System Based on the Clustering Ensemble

Intrusion detection system (IDS) is an important component of computer network security, while clustering analysis is a common unsupervised anomaly detection method. However, it is difficult for the single clustering algorithm to get the great effective detection, and the data of intrusion attacks is anomalistic normally. This paper presents an unsupervised anomaly detection system based on the clustering ensemble. The system is based on the multiple runs of K-means to accumulate evidence to avoid the false classification of anomalistic data; then using single-link to construct the hierarchical clustering tree to get the ultimate clustering result to solve the above problems. Finally, the KDD99 CUP test data is used to show that this system is greatly effective. It also compares with another IDS based on congeneric clustering algorithm to demonstrate the superiority of this system.