Journal of Computing
Intrusion detection is an essential mechanism for protecting computer systems from many attacks. Clustering is the most accepted technique for regrouping raw data into clusters, but it cannot identify what those clusters are. In this paper, the authors present a technique for identifying unknown TCP (Transmission Control Protocol) connections using WEKA-based k-means. Specifically, they built mixture models using KDD Cup 99 and their traffic traces, and a centroids approach to find component behavior patterns (forensics). They present a six-step method for classifying the organization's connections into a normal class or one of the major attack categories, i.e. DoS, Probe, R2L and U2R.