Author(s): K.RANJITH SINGH, T.HEMA
Intrusion Detection System is an important technology in business sector as well as active area of research. It is an important tool for information security. An intrusion detection system is used to detect attacks or intrusions and report these intrusions to the user in order to take evasive action. Most of the existing commercial NIDS products are signature-based but not adaptive. Our paper proposes an Adaptive NIDS using K-Means clustering techniques of Data mining approaches. Definite behaviour of network traffic is precisely captured using Data mining approaches, and the set excavated differentiates between “normal” and “attack” traffic. Current researches comprise of single engine detection systems, whereas our proposed system is constructed by a number of Agents, which are totally different in both training and detecting processes. Using k-means clustering algorithm, respective type of packets is clustered under respective Agents formed after clustering. Each of the Agents is responsible for capturing a network behaviour type and hence the system has strength on detecting different types of attacks as well as ability of detecting new types of attacks. The experimental results show that the network traffic pattern used as reliable agents outperforms from traditional signature-based NIDS.