An unsupervised method for intrusion detection using spectral clustering

In this paper we present an unsupervised approach for intrusion detection based on spectral clustering (SC). Recently spectral clustering has gained wider application because of its promising results on several challenging clustering problems [1]. SC uses spectral graph theory to form a Laplacian matrix where the first k eigenvectors of this matrix are clustered using k-means to form representative clusters. The representative clusters are labeled normal or anomalous according to an assignment heuristic. We have provided different techniques to detect intrusions (or anomalies) which are scattered uniformly and form small clusters of anomalous data. To improve the clustering results, the scattered anomalies are detected and removed before representative clusters are formed using SC. For evaluation, a synthetic and real data set (KDD Cup 1999) are used and our results show that the application of SC is a promising approach to the development of an intrusion detection system. From the experiments we demonstrate that the application of SC yields a detection rate (DR) in the range of 91%-100% with the false positive rate (FPR) being less than 4.5%.