Abstract
Efficient classification plays a significant role in rule-based Intrusion Detection Systems. To make full use of the information in the rule pool, this paper proposes a novel approach that improves detection performance by building a Gaussian function for each cluster in the two-dimensional average matching degree space, instead of analyzing distances in that space. A clustering method is also proposed that calculates the number of clusters and their centers from the crowdedness of the points of each class. Considering the importance of the number of clusters, intrusion detection performance is evaluated while changing the size of clusters. Simulation results show that the proposed approach, based on the Gaussian function of each cluster, is effective and efficient for distinguishing normal, misuse and anomaly intrusions.