An Unsupervised Classification Scheme Using PDDP Method for Network Intrusion Detection

2008 
This paper presents an unsupervised classification scheme for intrusion detection using principal divisive direction partitioning (PDDP). As an effective clustering method, PDDP is unusual in that it is divisive, as opposed to agglomerative, and operates by repeatedly splitting clusters into two smaller sub-clusters. The splits are not based on any distance or similarity measure. Applying the PDDP idea to intrusion detection allows the number of clusters to be determined automatically. PDDPC has two advantages: first, the singular value decomposition (SVD) can be stopped at the first singular value/vector, which gives PDDPC a significant computational advantage; second, no distance or similarity measure needs to be defined. Experiments with the KDD CUP 1999 data show that this scheme can improve detection quality effectively. It achieves 99% accuracy and outperforms the UnPCC method and the k-means method.
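The divisive splitting described in the abstract can be sketched as follows. This is an added example, not code from the paper: the function names, the constructed feature vectors, the split rule (sign of the projection onto the leading singular vector of the centered data) and the scatter threshold used as a stopping rule are assumptions, since the abstract does not spell them out.

```python
import math

# Constructed, pre-scaled feature vectors standing in for connection records.
SAMPLE = [(0.1, 0.2), (0.2, 0.1), (0.15, 0.15), (0.1, 0.1), (0.2, 0.2),
          (5.0, 5.1), (5.1, 5.0), (5.2, 5.2), (0.1, 9.0), (0.2, 9.1)]

def centroid(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]

def scatter(rows):
    """Total squared deviation of a cluster from its centroid."""
    mean = centroid(rows)
    return sum((x - m) ** 2 for r in rows for x, m in zip(r, mean))

def principal_direction(rows):
    """Leading right singular vector of the centered rows.

    Power iteration on A^T A: only the first singular vector is computed,
    which is why the SVD can stop early.
    """
    mean = centroid(rows)
    centered = [[x - m for x, m in zip(r, mean)] for r in rows]
    v = [float(j + 1) for j in range(len(mean))]  # arbitrary non-zero start
    for _ in range(200):
        proj = [sum(a * b for a, b in zip(c, v)) for c in centered]
        w = [sum(p * c[j] for p, c in zip(proj, centered)) for j in range(len(v))]
        norm = math.sqrt(sum(x * x for x in w))
        if norm == 0.0:  # degenerate cluster or unlucky start vector
            break
        v = [x / norm for x in w]
    return mean, v

def pddp(rows, max_scatter):
    """Split the highest-scatter cluster until all are below max_scatter (assumed rule)."""
    clusters = [list(rows)]
    while True:
        worst = max(clusters, key=scatter)
        if scatter(worst) <= max_scatter:
            return clusters
        mean, v = principal_direction(worst)
        left, right = [], []
        for r in worst:
            side = sum((x - m) * d for x, m, d in zip(r, mean, v))
            (left if side <= 0 else right).append(r)
        if not left or not right:  # no usable split direction found
            return clusters
        clusters.remove(worst)
        clusters += [left, right]

if __name__ == "__main__":
    for c in pddp(SAMPLE, 0.5):
        print(len(c), c)
```

No pairwise distance between records is ever computed; each split needs only one centroid and one direction vector.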