Fuzzy c-means sub-clustering with re-sampling in network intrusion detection

Both supervised and unsupervised learning are popularly used to address the classification problem in anomaly intrusion detection. The classical and challenging task in intrusion detection is how to identify and classify new attacks or variants of normal traffic. Though the classification rate is not at par with supervised approach, unsupervised approach is not affected by the unknown attacks. Inspired by the success of bagging technique used in prediction, the study deployed similar re-sampling strategy by splitting the training data into half. Data was obtained from KDDCup 1999 dataset. The finding shows that re-sampling improves performance of Fuzzy c-Means sub-clustering.