Classification of Normal and Anomalous Activities in a Network by Cascading C4.5 Decision Tree and K-Means Clustering Algorithms

Abstract

Information cascades are a phenomenon in which individuals adopt a new action or idea because of the influence of others. As such a technique is transmitted across a social network, broad adoption can occur. We consider information cascades in the context of recommendations and information dissemination in the blogosphere. Intrusion in a network environment poses a severe security risk. A network intrusion detection system is designed to detect attacks or malicious activity with a high detection rate while keeping the false alarm rate low. An anomaly detection system (ADS) monitors the system's behavior and flags important anomalies. In this research, we present "K-means + C4.5", an anomaly identification method that cascades k-means clustering and the C4.5 decision tree method to classify anomalous and normal computer network activities. K-means clustering is applied first, separating the training data into K clusters by Euclidean distance similarity. For each cluster, which indicates a density region of normal or anomalous instances, we build a decision tree with the C4.5 algorithm. The decision tree for each cluster expresses that cluster's decision boundaries by learning the subgroups inside it. We use the results from the decision tree for each class to reach a final conclusion. The K-means+C4.5 model is shown to be slightly superior at predicting anomalous computer network activities, with a true positive rate of 99.2%.
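The cascade described in the abstract, as an added sketch that is not code from the paper: k-means partitions the training set by Euclidean distance, then one gain-ratio threshold tree is grown per cluster. Assumptions: the tree is an unpruned stand-in for C4.5, a test instance is routed to the tree of its nearest centroid (the abstract does not spell out the combination rule), seeding is deterministic, and the function names and the two-feature data are constructed for illustration.

```python
import math
from collections import Counter

def nearest(x, cents):
    return min(range(len(cents)), key=lambda c: sum((p - q) ** 2 for p, q in zip(x, cents[c])))

def kmeans(X, k, iters=10):
    cents = [X[i * len(X) // k] for i in range(k)]        # deterministic seeding (assumption)
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for x in X:
            groups[nearest(x, cents)].append(x)
        cents = [[sum(v) / len(g) for v in zip(*g)] if g else cents[i] for i, g in enumerate(groups)]
    return cents

def entropy(labels):
    return -sum(c / len(labels) * math.log2(c / len(labels)) for c in Counter(labels).values())

def build_tree(rows):
    labels = [y for _, y in rows]
    best = (1e-9, None)                                   # require a real gain before splitting
    for d in range(len(rows[0][0])):
        for t in sorted({x[d] for x, _ in rows})[:-1]:    # keeps both sides non-empty
            left, right = [r for r in rows if r[0][d] <= t], [r for r in rows if r[0][d] > t]
            gain = entropy(labels) - sum(len(s) / len(rows) * entropy([y for _, y in s])
                                         for s in (left, right))
            ratio = gain / entropy(["L"] * len(left) + ["R"] * len(right))  # gain / split info
            if ratio > best[0]:
                best = (ratio, (d, t, left, right))
    if best[1] is None:
        return Counter(labels).most_common(1)[0][0]       # leaf: majority label
    d, t, left, right = best[1]
    return (d, t, build_tree(left), build_tree(right))

def fit(X, y, k):
    cents = kmeans(X, k)
    parts = [[(x, lab) for x, lab in zip(X, y) if nearest(x, cents) == c] for c in range(k)]
    return [(cents[c], build_tree(p)) for c, p in enumerate(parts) if p]   # skip empty clusters

def classify(model, x):
    node = model[nearest(x, [cent for cent, _ in model])][1]
    while isinstance(node, tuple):                        # internal node: (feature, threshold, low, high)
        d, t, lo, hi = node
        node = lo if x[d] <= t else hi
    return node

X = [(1, 1), (1, 2), (2, 1), (2, 2), (3, 1), (3, 2),     # constructed sample, density region 1
     (10, 10), (11, 10), (10, 11), (11, 11), (10, 12), (11, 12), (12, 12)]  # density region 2
y = ["normal"] * 4 + ["anomaly"] * 2 + ["anomaly"] * 4 + ["normal"] * 3
MODEL = fit(X, y, k=2)
```

Labelling each cluster by its majority class alone would mark all of region 1 normal and all of region 2 anomalous; the per-cluster trees recover the minority subgroup inside each region.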

Publication
Social Network Analysis
Shitharth Selvarajan
Lecturer in Cyber Security

My research interests include Cyber Security, Blockchain, Critical Infrastructure & Systems, Network Security & Ethical Hacking.