Use Case of K-Means Clustering Algorithm: Intrusion Detection System

Content of this Blog

  • What is K-Means Clustering?

What is K-Means Clustering?

  • K-Means Clustering is an unsupervised learning algorithm that groups an unlabeled dataset into different clusters.

What is an Intrusion Detection System?

  • An Intrusion Detection System (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system.

Use Case: Network Intrusion Detection System

What is a Network Intrusion Detection System?

A network-based intrusion detection system (NIDS) detects malicious traffic on a network. NIDS usually require promiscuous network access in order to analyze all traffic, including all unicast traffic. NIDS are passive devices that do not interfere with the traffic they monitor.

The K-Means Clustering algorithm could be used to understand the nature of the attacks detected by an Intrusion Detection System. The nature of attacks includes the following:

  • Denial-of-Service (DoS): A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash.
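
As an added illustration (not code from the original blog), the sketch below runs a plain K-Means over a handful of constructed connection records and reports per-cluster feature means, which is how an analyst would judge what kind of traffic a cluster holds. The three features, the function names and every value are assumptions chosen for the example.

```python
import math

# Constructed records, not from a real capture. Assumed features per connection:
# (connections to the same host in the last 2 s, SYN-error rate, bytes sent).
FLOWS = [
    (3, 0.00, 420), (5, 0.02, 980), (2, 0.00, 310), (4, 0.01, 1500), (6, 0.00, 760),
    (480, 0.97, 0), (502, 1.00, 0), (511, 0.99, 0), (495, 0.98, 0),
]

def scale(rows):
    """Min-max scale every column to [0, 1] so no single feature dominates distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - a) / (b - a) if b > a else 0.0 for v, a, b in zip(r, lo, hi))
            for r in rows]

def kmeans(points, k, max_iter=50):
    """Lloyd's algorithm with deterministic farthest-point seeding."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(math.dist(p, c) for c in centroids)))
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: math.dist(p, centroids[j])) for p in points]
        if new == labels:          # assignments stable: converged
            break
        labels = new
        for j in range(k):         # move each centroid to the mean of its members
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centroids[j] = tuple(sum(x) / len(members) for x in zip(*members))
    return labels

def summarize(rows, labels, k):
    """Per cluster: (size, mean of the raw features), which is what an analyst reads."""
    out = {}
    for j in range(k):
        members = [r for r, lab in zip(rows, labels) if lab == j]
        if members:
            out[j] = (len(members),
                      tuple(round(sum(c) / len(members), 2) for c in zip(*members)))
    return out

def cluster_flows(rows=FLOWS, k=2):
    labels = kmeans(scale(rows), k)
    return labels, summarize(rows, labels, k)

if __name__ == "__main__":
    for j, (n, means) in cluster_flows()[1].items():
        print(f"cluster {j}: {n} records, mean (conn_count, syn_err, bytes) = {means}")
```

K-Means only groups the records; the cluster with a very high connection count, a SYN-error rate near 1 and no payload bytes is labelled as flood-like by the analyst, not by the algorithm.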