An Intrusion Detection System by K-means Cluster Algorithm, which is unsupervised machine learning, can predict whether data are normal or abnormal (intrusion). We can make a model by K-means cluster, forming the given data as two or eight different cluster groups, which is called training data. Based on the model (trained data), we can predict whether new data are normal or abnormal.

An Intrusion Detection System by K-means Cluster Algorithm, which is unsupervised machine learning, can predict whether data are normal or abnormal (intrusion). We can make a model by K-means cluster, forming the given data as two or eight different cluster groups, which is called training data. Based on the model (trained data), we can predict whether new data are normal or abnormal.

First, we calculate the distance from each cluster center to the most outer location, which is called the threshold in the cluster. We can then calculate the distance from each cluster center to a new data location. If the latter value is less than the threshold, it is normal. Otherwise, it is abnormal.

You have to simulate two group clusters and eight group clusters and compare them in terms of detection ratio. From the new data, we already know whether data are normal or attack. We can calculate your intrusion detection algorithm’s accuracy.

Submission: 1) intrusion detection system algorithm, 2) a screenshot of the accuracy from the algorithm. As you know, the given data have eight dimensions, so we cannot plot our result in two dimensional domains. We can choose third and fourth columns data and plot the cluster points as third for x axis and the forth for y axis. 3) A screenshot of plotting in two dimensions