Improving Intrusion Detection Using PCA And K-Means Clustering Algorithm

In the last few years, the internet has been growing at an exponential rate, which has generated a severe increase in network attacks. So, to provide necessary security, an intrusion detection system (IDS) is used to detect malicious traffic and prevent attacks from various data sources. For this aim, clustering is the simple and reliable method in machine learning to detect intrusions in the case of unlabeled data, in addition to detecting unknown and new types of intrusions. In this paper, we are analyzing the NSL-KDD dataset, which is an improved version of its predecessor, the KDD-99 dataset, using the K-Means clustering algorithm. We compare the results by first using correlation as a feature selection method to eliminate redundant and irrelevant attributes in our data set, and then by increasing interpretability while minimizing information loss using the dimensionality reduction method of Principal Component Analysis (PCA). The analysis was done using Python and the data mining tool WEKA. Results are shown to have an improved accuracy after using PCA over K-means clustering. Our main objective is to provide a better model of IDS using machine learning, especially clustering methods.