CKMSA: An anomaly detection process based on K-means and simulated annealing algorithms

In modern years, countless researchers are interested in anomaly detection techniques for building intrusion detection systems (IDS). Intrusion detection is a process of recognizing attacks and intrusions. The IDS key purpose is to classify the Regular and Intrusive activities. Anomaly based IDS are built on an approach including first training a system with data in order to establish a certain view of normality and then use the determined profile on actual data to flag non-conformities. However, those kinds of IDS are highly vulnerable to mistaken alerts and present at the same time a very low detection rate when the learning is performed on misclassified data. Therefore, the need for an underlying clustering algorithm, which can process optimally the data grouping, is on agenda. In our paper, we combined two methods of clustering and optimization, namely K-means and Simulated Annealing, in order to achieve a global optimum classification for the data subject to learning and consequently avoid being limited to local optimum solutions. The K-Means in this work is used in its semi-supervised variant in order to lessen the number of times that the algorithm is applied and thus keep our work likely to be used in real time context. The developed algorithm has produced satisfactory results when applied on NSL-KDD data set, the tests reveal this method can enhance the detection and misdetection rates of intrusion detection systems. © 2016 Praise Worthy Prize S.r.l. - All rights reserved.