Intrusion Detection with K-Means Clustering and OneR Classification

Detecting malicious activities remains an elusive goal and indispensable challenge with the growing of prevalence networks attacks. In recent years, much attention has been given to anomaly detection to perform intrusion detection. Unfortunately, the major challenge of this approach is to maximize detection, accuracy and to minimize false alarm; i.e. failure in detecting certain type of attacks correctly. To overcome this problem, we propose a hybrid learning approach through a combination of K-Means clustering and One-R classification. The approach clusters all data into corresponding groups which match their natural behavior. Later, the clustered data are classified into the correct category using One-R classification. The validity of this approach is verified using the KDD Cup '99 benchmark dataset. Our experimental results demonstrate that our proposed approach performs better than existing techniques, with the accuracy, detection and false alarm rates of 99.26%, 99.33%, and 2.73%, respectively.