An Extended Modified Fuzzy Possibilistic C-Means Clustering Algorithm for Intrusion Detection

Abstract—Computer intruders have become a major threat due to their wide spread through the Internet. Therefore, there was a need for security technique that monitors computer resources and sends reports on the activities of any anomaly or strange patterns which called Intrusion Detection (ID). A fuzzy clustering algorithm used because the boundaries between normal and intrusive cannot be well distinct due to the uncertainty nature of an attack. This paper proposed an algorithm for ID that combines both Modified fuzzy possiblistic C-Means (MFPCM) and symbolic fuzzy clustering in one algorithm called Extended Modified Fuzzy Possiblistic C-means (EMFPCM). To evaluate the EMFPCM, Knowledge Discovery and Data Mining Cup 1999 (KDD cup 99) intrusion detection dataset was used. The results indicated that the proposed algorithm was able to distinguish between normal and attack behaviors with high detection rate.

Index Terms—Fuzzy clustering, modified fuzzy possibilistic C-mean, intrusion detection, mixed features, symbolic data.

The authors are with the Computer Science Department, University of Baghdad, Jadiriya, P.O.Box 17635, Iraq (e-mail: sarab_majeed@ scbaghdad.edu.iq, sumasaad@yahoo.com, mfaisal@uob.edu.bh).

[PDF]

Cite: Sarab M. Hameed, Sumaya Saad, and Mayyadah F. AlAni, "An Extended Modified Fuzzy Possibilistic C-Means Clustering Algorithm for Intrusion Detection," Lecture Notes on Software Engineering vol. 1, no. 3, pp. 273-278, 2013.