Improving the Efficiency of KDD Cup 1999 Data for Intrusion Detection Using K-Means Algorithm by Removing the Count Attribute
Author(s):
Pratik Jain, IPS Academy Institute of Engineering and Science; Yash Ratnaparkhi, IPS Academy Institute of Engineering and Science
Keywords:
Anomaly Detection System (ADS), Ensemble, Data Mining, Clustering, Detection Rate, K-Means, False Alarm Rate, False Positive
Abstract
Intrusion detection covers a broad range of security techniques designed to detect and report malicious system activity and to archive evidence of intrusion. To understand intrusion detection, the meaning of intrusion should be clear. According to Webster’s dictionary, an intrusion is “the act of thrusting in or of entering into a place or state without invitation or welcome”. For the purposes of this article, we define intrusion as any unauthorized system or network activity on one or more computers or networks. This could be, for example, a legitimate user of a system trying to escalate his privileges to gain greater access than he is currently allocated, or a legitimate user trying to connect to a remote port of a server that he is not authorized to use. These intrusions are generally initiated from the outside world, for example by a disgruntled ex-employee who was recently fired. This paper also discusses the concept of a false positive: the case in which normal data is detected as an attack. We take an example of this and try to find a solution for it, using the KDD Cup 1999 data set. Results indicate that a class with a higher number of counts is expressed as an anomaly class. However, if a genuine user crosses the threshold value of count, he will also be counted as an anomaly. One solution is offered to remove this false positive and to detect the genuine user.
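The false-positive argument in the abstract, worked as an added example (not code from the paper): a deterministic k=2 K-Means run over constructed records that use the KDD Cup 1999 feature names count, serror_rate and same_srv_rate. It assumes raw, unscaled features and that the paper's fix is to drop count before clustering, as the title suggests; the function names are hypothetical.

```python
# Added illustration; records are constructed, not taken from KDD Cup 1999.
# Columns follow KDD feature names: (count, serror_rate, same_srv_rate).
NORMAL = [(2, 0.0, 1.0), (5, 0.0, 1.0), (8, 0.05, 0.9), (3, 0.0, 1.0)]
ATTACK = [(280, 1.0, 0.1), (350, 1.0, 0.05), (410, 0.95, 0.1), (500, 1.0, 0.02)]
BUSY_USER = (300, 0.0, 1.0)  # legitimate host with a high connection count


def dist2(a, b):
    """Squared Euclidean distance between two feature tuples."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def nearest(point, cents):
    """Index of the centroid closest to point."""
    return min(range(len(cents)), key=lambda i: dist2(point, cents[i]))


def kmeans(points, seeds, rounds=20):
    """Lloyd's algorithm with fixed seeds so the run is deterministic."""
    cents = [tuple(s) for s in seeds]
    for _ in range(rounds):
        groups = [[] for _ in cents]
        for p in points:
            groups[nearest(p, cents)].append(p)
        new = [tuple(sum(c) / len(g) for c in zip(*g)) if g else cents[i]
               for i, g in enumerate(groups)]
        if new == cents:
            break
        cents = new
    return cents


def flagged_as_anomaly(record, drop_count):
    """Cluster NORMAL + ATTACK + record with k=2 and report whether the
    record lands in the cluster that holds the known attack traffic."""
    proj = (lambda r: r[1:]) if drop_count else (lambda r: r)
    data = [proj(r) for r in NORMAL + ATTACK + [record]]
    cents = kmeans(data, seeds=[proj(NORMAL[0]), proj(ATTACK[0])])
    return nearest(proj(record), cents) == nearest(proj(ATTACK[0]), cents)


if __name__ == "__main__":
    for drop in (False, True):
        print("drop count:", drop,
              "| busy user flagged:", flagged_as_anomaly(BUSY_USER, drop))
```

In this constructed data the attack records remain separable after count is dropped only because serror_rate and same_srv_rate also distinguish them.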
Other Details
Paper ID: IJSRDV8I50263
Published in: Volume: 8, Issue: 5
Publication Date: 01/08/2020
Page(s): 230-233
