Improving the efficiency of KDD cup 1999 data by using Make Density Based Clusterer algorithm in Intrusion Detection system by removing the count attribute

Abstract—An Intrusion Detection System screens the network traffic and looks for dubious or untrustworthy movement and known intimidation on the network, and sends up the caution if it comes across such an item. Intrusion detection (ID) as a radiance remains censorial in digital security. To comprehend intrusion detection, initially realize what intrusion is? According to Heady et al., it is defined as “any action that attempts to negotiate the integrity, privacy or accessibility of a resource "for example gaining illegal access, attacking and rendering a system out of service, etc. With the end goal of this article, here it describes intrusion as any unbowed framework or merriment on (at least one) PC or set of connections of computers. This is a delineation of a legal client of a framework attempting to strengthen his advantages to acquire more prominent access to the framework that he presently depended, or a similar client attempting to interface with an unapproved remote port of a server. These are the interruptions that can incite from the rest of the world, a wronged ex-worker who was terminated recently, from your devoted staff. In this section, the average data is revealed as incursion when the case is a false positive. Here they are concentrating on this dilemma with delineation and offering one answer for a similar issue. The KDD CUP 1999 data set is used. In the result of this analysis, it can be seen that if a class has a higher number of counts then this class is opined as an anomaly class. But it will be counted as an anomaly if the right individual is passing the threshold value. An elucidation is proposed to detect the true person and to get rid of fake positives.