Network Intrusion Detection Using Machine Learning Anomaly Detection Algorithms

Hanıfı K., Bank H., Karslıgıl M. E., Yavuz A. G., Güvensan M. A.

25th Signal Processing and Communications Applications Conference (SIU), Antalya, Turkey, 15 - 18 May 2017


Attacks on a network are exceptional cases that are not observed in normal traffic behavior. In this work, a new semi-supervised anomaly detection system based on the k-means algorithm was designed and implemented to detect network attacks. During the training phase, normal samples were separated into clusters by applying the k-means algorithm. A threshold value was then calculated using a validation dataset, so that normal and abnormal samples can be distinguished by their distances from the cluster centers. New samples whose distance from the cluster centers exceeds the threshold are flagged as anomalies. We used NSL-KDD, a labelled dataset of network connection traces, to test the effectiveness of our method. The experimental results on the NSL-KDD dataset show that we achieved an accuracy of 80.119%.
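The pipeline described in the abstract, as an added sketch that is not the authors' code: k-means is fitted on normal samples only, a distance threshold is chosen on a labelled validation set, and new samples beyond it are flagged. Assumptions not stated in the abstract: Euclidean distance to the nearest center, farthest-first initialisation, a threshold picked to maximise validation accuracy, and constructed two-feature samples standing in for scaled NSL-KDD records.

```python
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=100):
    # Assumption: deterministic farthest-first initialisation.
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, centers[i]))].append(p)
        # Recompute each center as the mean of its group; keep it if the group is empty.
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centers[i]
               for i, g in enumerate(groups)]
        if new == centers:
            break
        centers = new
    return centers

def score(p, centers):
    # Anomaly score: distance to the nearest cluster center.
    return min(dist(p, c) for c in centers)

def fit_threshold(centers, validation):
    # Assumption: try midpoints between sorted validation scores and keep
    # the one with the highest accuracy on the labelled validation set.
    scores = sorted(score(x, centers) for x, _ in validation)
    candidates = [(a + b) / 2 for a, b in zip(scores, scores[1:])]
    def accuracy(t):
        return sum((score(x, centers) > t) == y for x, y in validation) / len(validation)
    return max(candidates, key=accuracy)

def is_anomaly(p, centers, threshold):
    return score(p, centers) > threshold

# Constructed training data: normal traffic only, two behaviour groups.
NORMAL_TRAIN = [(0.10, 0.10), (0.12, 0.14), (0.08, 0.12), (0.14, 0.09), (0.11, 0.11),
                (0.80, 0.70), (0.82, 0.74), (0.78, 0.69), (0.84, 0.72), (0.81, 0.70)]
# Constructed validation data: (features, is_attack).
VALIDATION = [((0.13, 0.10), False), ((0.79, 0.73), False), ((0.09, 0.15), False),
              ((0.85, 0.68), False), ((0.45, 0.40), True), ((0.95, 0.05), True),
              ((0.30, 0.25), True)]

CENTERS = kmeans(NORMAL_TRAIN, k=2)
THRESHOLD = fit_threshold(CENTERS, VALIDATION)
```

Because only normal traffic is clustered, the threshold is the single place where attack labels enter the model, so the validation set should reflect the attack mix expected in deployment.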