Intrusion Detection System into computer networks by K-means and XGBoost clustering algorithm

Abstract

Abstract These days, identifying malicious networks has been a subject of study for decades, and since the volume of network traffic is increasing day by day, there is a need for a successful intrusion-detection system that can make the identification process easier during attacks. It is felt to take decisions more accurately and in real time and faster processing. The purpose of this research is to detect intrusion into computer networks by combining K-means and XGboost clustering algorithms. The proposed method is performed in two stages. In the first stage, the pre-processing is done by normalizing and digitizing the data set, as well as removing outliers based on two PCA methods and reducing the dimensions of the feature, then using the learner. We use the k-means algorithm to find the optimal number of clusters, and finally we use the Elbow method to find the optimum number of clusters. The second stage consists of classifying malicious and normal network traffic from each other by combining K-means and XG-Boost algorithms on computing platforms. The experiments in this article were done using the NSLKDD data set and its implementation in the knime emulator platform the final evaluation results show the superiority of the error detection rate, and the accuracy and correctness of the proposed algorithm compared to other similar methods.