Most current intrusion detection systems employ signature-based methods or data mining-based methods which rely on labeled training data. In practice, however, this training data is typically expensive to produce. In contrast, unsupervised anomaly detection has great utility within the context of network intrusion detection systems. Such a system can work without the need for massive sets of pre-labeled training data and has the added versatility of being free of the overspecialization that comes with systems tailored for specific sets of attacks. Thus, with a system that seeks only to define and categorize normalcy, there is the potential to detect new types of network attacks without any prior knowledge of their existence. This paper discusses the creation of such a system, which uses a fuzzy cluster algorithm to detect anomalies in network connections; we evaluate our method by performing experiments over network records from the KDD CUP99 data set.