A Novel Similarity Measure for Intrusion Detection using Gaussian Function

TL;DR

This paper introduces a Gaussian-based similarity measure tailored for intrusion detection, integrating it into k-means clustering to improve the formation of disjoint clusters for identifying intrusions effectively.

Contribution

It proposes a novel Gaussian similarity measure as a distance metric for clustering in intrusion detection, enhancing cluster separation and detection accuracy.

Findings

Effective clustering of intrusion data using the proposed measure

Fixed bounds and properties of the similarity measure

Successful case study on DARPA and KDD datasets

Abstract

In this paper the major objective is to design and analyze the suitability of Gaussian similarity measure for intrusion detection. The objective is to use this as a distance measure to find the distance between any two data samples of training set such as DARPA Data Set, KDD Data Set. This major objective is to use this measure as a distance metric when applying k- means algorithm. The novelty of this approach is making use of the proposed distance function as part of k-means algorithm so as to obtain disjoint clusters. This is followed by a case study, which demonstrates the process of Intrusion Detection. The proposed similarity has fixed upper and lower bounds. The proposed similarity measure satisfies all properties of a typical similarity measure.