Use Case of K-Means Clustering Algorithm : Intrusion Detection System

Content of this Blog

  • What is K-Means Clustering ?
  • What is Intrusion Detection System ?
  • Use Case : Network Intrusion Detection System

What is K-Means Clustering ?

  • K-Means Clustering is an unsupervised learning algorithm which groups an unlabeled dataset into different clusters.
  • ‘K’ here is the number of clusters, chosen in advance, that the algorithm will create.
  • It is a centroid-based algorithm in which each cluster is represented by a centroid (the mean of its points). The aim is to minimize the sum of squared distances between every data point and the centroid of the cluster it is assigned to.
  • The algorithm takes the unlabeled dataset as input and divides it into k clusters by repeating two steps: assign each point to its nearest centroid, then move each centroid to the mean of the points assigned to it. The process stops when the assignments no longer change (or an iteration limit is reached). Because this converges to a local optimum, the result depends on the initial centroids and on how the features are scaled.

What is Intrusion Detection System ?

  • An Intrusion Detection System (IDS) is a device or software application that monitors a network or host for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management (SIEM) system.
  • Intrusion detection systems are commonly classified into Network intrusion detection systems (NIDS) and Host-based intrusion detection systems (HIDS).

Use Case : Network Intrusion Detection System

What is Network Intrusion Detection System ?

A network-based intrusion detection system (NIDS) detects malicious traffic on a network. A NIDS usually requires promiscuous network access (for example a SPAN/mirror port or a network tap) in order to analyze all traffic, including unicast traffic not addressed to the sensor itself. NIDS are passive devices that do not interfere with the traffic they monitor; a device that sits inline and blocks traffic is an intrusion prevention system (IPS), not an IDS.

The K-Means Clustering algorithm can be used to group the connection records collected by an intrusion detection system into clusters of similar behaviour, so that an analyst can understand the nature of the attacks without first labelling every record. Since K-Means is unsupervised, it does not know what an attack is: the clusters it produces still have to be inspected (or matched against a small labelled sample) and named afterwards. The attack categories used in the well-known DARPA/KDD Cup '99 intrusion detection benchmark are the following:

  • Denial-of-Service (DoS) : A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic (for example a SYN flood) or by sending it information that triggers a crash.
  • Probing (Probe) : A probing attack is reconnaissance against the network itself: the attacker scans a network to gather information about its hosts, open ports and services, and known vulnerabilities (for example port sweeps and nmap scans), usually as preparation for a later attack.
  • User-to-Root (U2R) : In a User-to-Root attack the attacker starts with access to a normal user account on the target (obtained, for example, by password guessing, social engineering or sniffing) and exploits a vulnerability such as a buffer overflow or a misconfigured setuid program to gain root (superuser) access.
  • Remote-to-Local (R2L) : A Remote-to-Local attack (sometimes also referred to as a Remote-to-User attack) is conceptually similar to the User-to-Root attack but more modest in its ambition. The attacker has no account on the target machine and sends packets to it over the network that exploit a vulnerability in order to gain local access as a user of that machine (for example guessing passwords or exploiting a network service).
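The following is an added example that is not part of the original post: it implements the K-Means procedure described in the first section (farthest-point seeding followed by Lloyd's assign-and-update loop, written in plain Python with no scikit-learn dependency) and applies it to the use case above. The connection records are constructed for this example, not real benchmark data; their six columns (duration, src_bytes, dst_bytes, count, serror_rate, diff_srv_rate) are only loosely modelled on KDD Cup '99 features, and the ground-truth labels are used solely after clustering to name the clusters by majority vote. The example also shows the two caveats a practitioner runs into: byte counts have to be min-max scaled before Euclidean distances make sense, and a column with zero range must not be divided by zero.

```python
"""Added example: K-Means (Lloyd's algorithm) over constructed IDS connection records."""
from collections import Counter

# Constructed sample records (NOT real KDD'99 data). Columns are loosely modelled on
# KDD'99: duration, src_bytes, dst_bytes, count (connections to the same host in the
# last 2 s), serror_rate (fraction of connections with SYN errors), diff_srv_rate
# (fraction of connections to different services). The final element is a ground-truth
# label that K-Means never sees; it is only used afterwards to name the clusters.
RECORDS = [
    # normal sessions: small requests, larger responses, few connections, no errors
    ((0, 215, 45076, 1, 0.0, 0.0), "normal"),
    ((0, 162, 4528, 2, 0.0, 0.0), "normal"),
    ((0, 236, 1228, 1, 0.0, 0.0), "normal"),
    ((0, 233, 2032, 2, 0.0, 0.0), "normal"),
    # SYN-flood style DoS: no payload, many connections, every one a SYN error
    ((0, 0, 0, 123, 1.0, 0.0), "dos"),
    ((0, 0, 0, 231, 1.0, 0.0), "dos"),
    ((0, 0, 0, 180, 1.0, 0.0), "dos"),
    ((0, 0, 0, 255, 1.0, 0.0), "dos"),
    # port sweep style probe: no payload, many connections, almost all to different services
    ((0, 0, 0, 70, 0.0, 0.90), "probe"),
    ((0, 0, 0, 95, 0.0, 1.00), "probe"),
    ((0, 0, 0, 110, 0.0, 0.95), "probe"),
    ((0, 0, 0, 80, 0.0, 0.88), "probe"),
]
FEATURES = [r[0] for r in RECORDS]
LABELS = [r[1] for r in RECORDS]


def fit_scaler(rows):
    """Per-column min and max. K-Means uses Euclidean distance, so unscaled byte counts
    would swamp the rate columns that live in [0, 1]."""
    cols = list(zip(*rows))
    return [min(c) for c in cols], [max(c) for c in cols]


def scale(row, mins, maxs):
    """Min-max scale one record; a zero-range column (duration here) maps to 0.0."""
    return tuple((v - lo) / (hi - lo) if hi > lo else 0.0
                 for v, lo, hi in zip(row, mins, maxs))


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def init_centroids(points, k):
    """Deterministic farthest-point seeding: start from the first point, then repeatedly
    pick the point farthest from its nearest centroid (scikit-learn uses a randomised
    k-means++ instead; the idea of spreading the seeds out is the same)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(sq_dist(p, c) for c in centroids)))
    return centroids


def kmeans(points, k, max_iter=100):
    """Lloyd's algorithm: assign each point to its nearest centroid, move each centroid to
    the mean of its members, and stop once no assignment changes."""
    centroids = init_centroids(points, k)
    assign = [None] * len(points)
    for _ in range(max_iter):
        new_assign = [min(range(k), key=lambda j: sq_dist(p, centroids[j])) for p in points]
        if new_assign == assign:
            break  # converged: the previous update already reflects these assignments
        assign = new_assign
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            if members:  # an emptied cluster keeps its old centroid
                centroids[j] = tuple(sum(col) / len(members) for col in zip(*members))
    return centroids, assign


def name_clusters(assign, labels, k):
    """Name each cluster by the majority ground-truth label among its members."""
    votes = {j: Counter() for j in range(k)}
    for a, lab in zip(assign, labels):
        votes[a][lab] += 1
    return {j: (votes[j].most_common(1)[0][0] if votes[j] else "unknown") for j in range(k)}


def build_model(k=3):
    mins, maxs = fit_scaler(FEATURES)
    points = [scale(r, mins, maxs) for r in FEATURES]
    centroids, assign = kmeans(points, k)
    return {"mins": mins, "maxs": maxs, "centroids": centroids,
            "names": name_clusters(assign, LABELS, k)}


def classify(model, record):
    """Assign a new connection record to the nearest centroid and return the cluster name."""
    p = scale(record, model["mins"], model["maxs"])
    nearest = min(range(len(model["centroids"])), key=lambda j: sq_dist(p, model["centroids"][j]))
    return model["names"][nearest]


if __name__ == "__main__":
    model = build_model()
    print("cluster names:", model["names"])
    for rec in [(0, 0, 0, 200, 1.0, 0.0), (0, 300, 5000, 1, 0.0, 0.0), (0, 0, 0, 90, 0.0, 0.97)]:
        print(rec, "->", classify(model, rec))
```

With k=3 the three groups of constructed records separate cleanly and the majority vote names the clusters normal, dos and probe. On real traffic the picture is messier: U2R and R2L records look much like normal sessions in these features and tend to land in the normal cluster, the right k is not known in advance, and the naming step still needs an analyst or a labelled sample, which is why K-Means is used here to organise and understand IDS output rather than to replace the detector.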

Satyam Singh