KARPAGAM Journal of Computer Science (ISSN : 0973-2926)

A Comparative Study of Clustering Algorithms for Building a Network Intrusion Detection Model
Authors : Mrutyunjaya Panda & Manas Ranjan Patra

K-means is a popular clustering algorithm that requires a huge initial set to start the clustering. K-means is an unsupervised clustering method which does not guarantee convergence. Numerous improvements to K-means have been made to improve its performance. Fuzzy set theory has now been applied to many fields, including data mining. The fuzzy clustering method is more precise in dealing with data simulation, and its results are easier to understand and use. Therefore, research into fuzzy clustering methods for knowledge is significant not only in theory but also in application. Expectation Maximization is a statistical technique for maximum likelihood estimation using mixture models. It searches for a local maximum and generally converges very well. In this paper, we propose some clustering algorithms such as K-Means, Fuzzy c-Means, and EM (Expectation Maximization) for network intrusion detection. We used the KDDCup’1999 data set for our experiments. The simulation results show that the EM algorithm is a more statistically formalized method, which accounts for partial membership in classes. It has better convergence properties and is in general preferred to the K-Means and Fuzzy c-Means algorithms in building a network intrusion detection model.