
CKMSA: an Anomaly Detection Process Based on K-Means and Simulated Annealing Algorithms




DOI: https://doi.org/10.15866/irecos.v11i1.8272

Abstract


In recent years, many researchers have taken an interest in anomaly detection techniques for building intrusion detection systems (IDS). Intrusion detection is the process of recognizing attacks and intrusions. The key purpose of an IDS is to classify activities as regular or intrusive. Anomaly-based IDS are built on an approach that first trains a system with data in order to establish a certain view of normality and then uses the resulting profile on actual data to flag non-conformities. However, such IDS are highly vulnerable to mistaken alerts and at the same time show a very low detection rate when the learning is performed on misclassified data. Therefore, an underlying clustering algorithm that can group the data optimally is needed. In our paper, we combine two methods of clustering and optimization, namely K-Means and Simulated Annealing, in order to achieve a globally optimal classification of the data used for learning and consequently avoid being limited to locally optimal solutions. K-Means is used in this work in its semi-supervised variant in order to lessen the number of times the algorithm is applied and thus keep our work usable in a real-time context. The developed algorithm produced satisfactory results when applied to the NSL-KDD data set; the tests reveal that this method can enhance the detection and misdetection rates of intrusion detection systems.
Copyright © 2016 Praise Worthy Prize - All rights reserved.

Keywords


Clustering; K-Means; Gradient Descent; Global Optimum; Simulated Annealing; Anomaly Based IDS




