DocumentCode
729455
Title
A genetic clustering technique for Anomaly-based Intrusion Detection Systems
Author
Aissa, Naila Belhadj ; Guerroumi, Mohamed
Author_Institution
Fac. of Electron. & Comput. Sci. Algiers, Univ. of Sci. & Technol. Houari Boumediene, Algiers, Algeria
fYear
2015
fDate
1-3 June 2015
Firstpage
1
Lastpage
6
Abstract
The security of network resources, computer systems and data has become a major issue with the advent of the Internet and the threats that come with it. To ensure a good level of security, Intrusion Detection Systems (IDS) have been widely deployed, and many techniques to detect, identify and classify attacks have been proposed, developed and tested either offline or online. In this paper, we propose a clustering-based detection technique using a genetic algorithm, named Genetic Clustering for Anomaly-based Detection (GC-AD). GC-AD uses a dissimilarity measure to form k clusters. It then applies a genetic process where each chromosome represents the centroids of the k clusters. A two-stage fitness function is proposed: i) we introduce a confidence interval to refine the clusters in order to obtain partitions that are more homogeneous; ii) we compute and maximize the inter-cluster variance over the generations. The accuracy of our technique is tested on different subsets of the KDD99 dataset. The results are discussed and compared to the k-means clustering algorithm.
Keywords
genetic algorithms; pattern clustering; security of data; GC-AD; IDS; KDD99 dataset; anomaly-based intrusion detection systems; clustering-based detection technique; computer systems; dissimilarity measure; genetic algorithm; genetic clustering technique; k-means clustering algorithm; network resources security; two-stage fitness function; Biological cells; Clustering algorithms; Genetic algorithms; Genetics; Intrusion detection; Sociology; Statistics; Anomaly-based IDS; KDD 99; clustering; false negative rate; false positive rate; genetic algorithm;
fLanguage
English
Publisher
IEEE
Conference_Titel
Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2015 16th IEEE/ACIS International Conference on
Conference_Location
Takamatsu
Type
conf
DOI
10.1109/SNPD.2015.7176182
Filename
7176182