Call for Paper - January 2023 Edition
IJCA solicits original research papers for the January 2023 Edition. Last date of manuscript submission is December 20, 2022. Read More

Evaluation of K-Means Clustering for Effective Intrusion Detection and Prevention in Massive Network Traffic Data

International Journal of Computer Applications
© 2014 by IJCA Journal
Volume 96 - Number 7
Year of Publication: 2014
Kamini Nalavade
B. B. Meshram

Kamini Nalavade and B B Meshram. Article: Evaluation of K-Means Clustering for Effective Intrusion Detection and Prevention in Massive Network Traffic Data. International Journal of Computer Applications 96(7):9-14, June 2014. Full text available. BibTeX

	author = {Kamini Nalavade and B. B. Meshram},
	title = {Article: Evaluation of K-Means Clustering for Effective Intrusion Detection and Prevention in Massive Network Traffic Data},
	journal = {International Journal of Computer Applications},
	year = {2014},
	volume = {96},
	number = {7},
	pages = {9-14},
	month = {June},
	note = {Full text available}


With the growth of hacking and exploiting tools and invention of new ways of intrusion, Intrusion detection and prevention is becoming the major challenge in the world of network security. It is becoming more demanding due to increasing network traffic and data on Internet. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not completely flawless. So, the quest of betterment continues. Intrusion detection systems using data mining approaches make it possible to search patterns and rules in large amount of audit data. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Unsupervised learning methods are efficient in detecting unknown attacks in large datasets. In this paper we investigate clustering approaches for network intrusion detection. We carried out our experiments on K-means clustering algorithm and measured the performance based on detection rates and false positive rate with different cluster values. The KDD dataset which is freely available online is used for our experimentation and results are compared. Our intrusion detection system using clustering approach is able to detect different types of intrusions, while maintaining a low false positive rate.


  • V. Kumar, Parallel and distributed computing for cybersecurity. IEEE Distributed Systems, 2005
  • Z. -X. Yu, J. -R. Chen and T. -Q. Zhu, A novel adaptive intrusion detection system based on data mining, in Proceedings IEEE International Conference on Machine Learning and Cybernetics(2005), pp. 2390–2395.
  • X. Zhu, Z. Huang and H. Zhou, Design of a multi-agent based intelligent intrusion detection system, in Proceedings 1st International Symposium on Pervasive Computing and Applications (Urumqi, China, 2006) (IEEE Computer Society), pp. 290–295.
  • W. Li,K. Zhang,B. Li and B. Yang ,An efficient framework for intrusion detection based on data mining, in Proceedings 2005 ICSC Congress on Computational Intelligence Methods and Applications (IEEE Computer Society) (2005).
  • C. -T. Lu, A. P. Boedihardjo and P. Manalwar, Exploiting efficient data mining techniques to enhance intrusion detection systems, in Proceedings IEEE International Conference on Information Reuse and Integration (Las Vegas, NV) (IEEE Computer Society, 2005), pp. 512–517.
  • T. M. Khoshgoftaar, C. Seiffert and N. Seliya, Labeling network event records for intrusion detection in a wireless LAN, inforrmation Reuse and Integration (Waikoloa Village, HI) (IEEE Computer Society) (2006), pp. 200–206.
  • J. Zhang and M. Zulkernine, A hybrid network intrusion detection technique using random forests, in Proceedings 1st International Conference on Availability, Reliability and Security (IEEE Computer Society) (2006), pp. 8.
  • W. Lee, S. Stolfo and K. Mok, Mining in a data-flow environment: Experience in network intrusion detection, in Proc. 5th ACM SIGKDD Int. Conf. Knowledge Discovery Data Mining (San Diego, CA) (1999), pp. 114–124.
  • D. E. Denning, An intrusion detection model, IEEE Trans. Software Engineering 13 (1987) 222–232.
  • E. Eskin, Anomaly detection over noisy data using learned probability distributions, in Proc. 17th Int. Conf. Machine Learning (San Francisco, CA) (2000), pp. 255–262.
  • L. Portnoy, E. Eskin and S. Stolfo, Intrusion detection with unlabeled data using clustering, in ACM Workshop on Data Mining Applied to Security (Philadelphia, PA) (2001).
  • N. Ye and X. Li, A scalable clustering technique for intrusion signature recognition, in Proc. 2nd IEEE SMC Information Assurance Workshop (2001), pp. 1–4.
  • Y. Guan, A. A. Ghorbani and N. Belacel, Y-means: A clustering method for intrusion detection, in Canadian Conference on Electrical and Computer Engineering, Montral, Qubec, Canada (2003), pp. 1–4.
  • T. M. Khoshgoftaar, S. V. Nath, S. Zhong and N. Seliya, Intrusion detection in wireless networks using clustering techniques with expert analysis, in Proceedings 4t International Conference on Machine Learning and Applications (Los Angeles, CA (2005), p. 6.
  • S. Zhong, T. M. Khoshgoftaar and N. Seliya, Evaluating clustering techniques for network intrusion detection, in 10th ISSAT Int. Conf. on Reliability and Quality Design (Las Vegas, Nevada, USA) (2004), pp. 173–177.
  • J. MacQueen, Some methods for classification and analysis of multivariate observations. In Proc. 5th Berkeley Symp. Math. Statistics and Probability (1967), pp. 281–297.
  • J. D. Banfield and A. E. Raftery, Model-based Gaussian and non-Gaussian clustering, Biometrics (1993) 803–821.
  • T. Kohonen, Self-Organizing Map (Springer-Verlag, New York, 1997).
  • T. M. Martinetz, S. G. Berkovich and K. J. Schulten, Neural-Gas network for vector quantization and its application to time-series prediction, IEEE Trans. Neural Networks (1993) 558–569.
  • B. Fischer, T. Zoller and J. M. Buhmann, Path based pairwise data clustering with application to texture segmentation, Lecture Notes in Computer Science 2134 (2001) 235–250.
  • G. Karypis, E. -H. Han and V. Kumar, Chameleon: Hierarchical clustering using dynamic modeling, IEEE Computer (1999) 68–75.
  • G. Karypis, CLUTO — A Clustering Toolkit , Dept. of Computer Science, University of Minnesota, May 2002. http://www-users. cs. umn. edu/ karypis/cluto/.
  • S. Zhong and J. Ghosh, A unified framework for model-based clustering, Journal of Machine Learning Research (2003) 1001–1037.
  • S. Zhong, T. M. Khoshgoftaar and N. Seliya, Analyzing software measurement data with clustering techniques, IEEE Intelligent Systems (2004) 20–27.
  • SK Sharma, P Pandey, SK Tiwar "An improved network intrusion detection technique based on k-means clustering via Naïve bayes classification" IEEE Volume 2, Issue 2, February 2012, Issn 2151-961.
  • M,Varaprsad Rao "Algorithm for Clustering with Intrusion Detection Using Modified and Hashed K – Means Algorithms "Published by IEEE Computer Society,2012
  • Zhenglie Li"Anomaly Intrusion Detection Method Based on K-Means Clustering Algorithm with Particle Swarm Optimization "Springer Volume 4, Issue 2, April 2011.
  • Thaksen J. Parvat" Network Log Clustering Using K-Means Algorithm'In IEEE Pasfic asia workshop of networking 2011. Dabas et al. , International Journal of Advanced Research in Computer Science and Software Engineering 3(3), March - 2013, pp. 507-511 © 2013, IJARCSSE All Rights Reserved Page | 511
  • Asmaa Shaker Ashoor (Department computer science, Pune University) Prof. Sharad Gore (Head department statistic, Pune University), "Importance of Intrusion Detection System (IDS)", International Journal of Scientific & Engineering Research, Volume 2, Issue 1, January-2011 ISSN 2229-5518.
  • Hamdan. O. Alanazi, Rafidah Md Noor, B. B Zaidan, A. A Zaidan, "Intrusion Detection System: Overview "Journal Of Computing, Volume 2, Issue 2, February 2010, Issn 2151-961
  • Varun Chandola University Of Minnesota Arindam Banerjee University Of Minnesota And Vipin Kumar University Of Minnesota "Anomaly Detection : A Survey", ACM Computing Surveys, September 2009.
  • Paul Barford University of Wisconsin, Nick Duffield AT&T, Amos Ron University and Joel Sommers Colgate, "Network Performance Anomaly Detection and Localization" Infocom 2009.
  • Tarem Ahmed, Boris Oreshkin and Mark Coates, Department of Electrical and Computer Engineering McGill University Montreal, QC, Canada "Machine Learning Approaches to Network Anomaly Detection" in Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, 2007.
  • Weiyu Zhang; Qingbo Yang; Yushui Geng, "A Survey of Anomaly Detection Methods in Networks", Computer Network and Multimedia Technology, 2009. CNMT 2009. International Symposium.