Tuesday 23rd of April 2024
 

A Review of Clustering Techniques Based on Machine learning Approach in Intrusion Detection Systems


Ala’ Yaseen Ibrahim Shakhatreh and Kamalrulnizam Abu Bakar

False alarm rate and detection accuracy remain challenging issues that have not yet been completely solved in the field of Anomaly-based Intrusion Detection Systems (AIDS). The reasons behind these issues vary according to the algorithm and the dataset used to train the IDS. Consequently, dealing with high-dimensional data requires an efficient data reduction technique that considerably reduces the dimensionality without any substantial loss of important features. However, excessive reduction of features will cause some intrusive patterns to be modeled similarly to normal ones. This results in misclassifications that increase the false negative rate, which degrades detection accuracy. This paper summarizes many clustering techniques that were previously proposed to solve the inherent IDS problems. These clustering techniques are involved in three general aspects, namely data preprocessing, anomaly detection, and data projection/alarm filtering. Finally, recommendations for future research, followed by the conclusion, are presented at the end of this paper.

Keywords: Intrusion Detection System, Clustering Techniques, Unsupervised Learning, Detection Rate, False Alarm Rate, Dataset, LVQ, SOM.



ABOUT THE AUTHORS

Ala’ Yaseen Ibrahim Shakhatreh
obtained his master's degree in Information Technology from Universiti Utara Malaysia (UUM) and is currently a PhD student in the Department of Computer Systems and Communications of the Computer Science and Information Systems Faculty at Universiti Teknologi Malaysia. His research area is network security (Intrusion Detection Systems) and penetration testing. He is supervised by Assoc. Prof. Kamalrulnizam Abu Bakar.

Kamalrulnizam Abu Bakar
obtained his PhD degree from Aston University (Birmingham, UK) in 2004. Currently, he is an Associate Professor in Computer Science at Universiti Teknologi Malaysia (Malaysia) and a member of the “Pervasive Computing” research group. He is involved in several research projects and is a referee for many scientific journals and conferences. His specializations include mobile and wireless computing, information security and grid computing.


About IJCSI

IJCSI is a refereed open access international journal for scientific papers dealing in all areas of computer science research...
