
International Journal of Computer Networking, Wireless and Mobile Communications (IJCNWMC) ISSN 2250-1568 Vol. 3, Issue 4, Oct 2013, 93-102 © TJPRC Pvt. Ltd.

AN OUTCOME EVOLUTION IN INTRUSION DETECTION SYSTEM TO ADVANCE THE DETECTION RATE IN CLOUD COMPUTING ENVIRONMENT UTILISING MULTILAYER PERCEPTRON ALGORITHM

RICHA SONDHIYA, MAHENDRA MISHRA & MANEESH SHREEVASTAV

LNCT Bhopal, Bhopal, Madhya Pradesh, India

ABSTRACT

Cloud is an environment where services are provided over the internet on a pay-as-you-go basis. Cloud computing is becoming popular because of its on-demand services. It provides computing resources, software, and infrastructure to users over the internet. But a cloud computing environment can be easily affected by threats and attacks. To secure it, a cloud intrusion detection system is used. Intrusion detection systems (IDS) are used to find attacks and intrusions in networks where a large number of data packets flow every minute. The cloud computing environment is an example of such a network, where a large number of users use services every minute. Because of this amount of traffic, the environment can be easily affected by attacks. It is the task of the IDS to find such attacks and keep the system secure. After detecting an attack, the IDS generates an alarm to inform the network administrator. An IDS recognizes attacks on a signature basis and on a behavior basis. Sometimes a normal activity is flagged as an attack, which is known as a false alarm; when the detected behavior really is an attack, it is known as a true positive. This means it is necessary to identify attacks correctly. Generally, cloud intrusion detection systems and network intrusion detection systems, which are used in cloud and network environments, use data mining techniques to detect various attacks. The main goal of such a system is to find attacks with a high detection rate and a low false alarm rate. We present a neural network based unsupervised MLP technique and compare it with centroid-based clustering algorithms for intrusion detection. These techniques are applied to the KDD Cup98 data set. In addition, a comparative analysis shows the advantage of the neural network based unsupervised technique over clustering-based methods in identifying new or unseen attacks. Experimental results show that the MLP algorithm improves the detection rate in IDS compared with the K-Mean algorithm.

KEYWORDS: Cloud Computing, Intrusion Detection System, Neural Network, False Alarm

INTRODUCTION

Cloud computing is not only an application hosted as a service; it is a computing environment where a large group of systems are connected together in a network to provide an infrastructure for various services. With the help of this technology, computation cost and storage cost have been reduced significantly. The user can access the services over the internet without any concern about where they are actually using those services from. The cloud has three models. IaaS (Infrastructure as a Service) provides resources as a service with the help of a service interface. PaaS (Platform as a Service) provides computational resources via a platform upon which applications can be developed and hosted. SaaS (Software as a Service) offers implementations of specific functions and processes that are provided with cloud capabilities. An intrusion detection system (IDS) plays a very important role in the field of information security. An intrusion detection system finds intrusive activities among all normal and abnormal behavior. It monitors network data packets and network traffic to find attacks and intrusions. After detection of an intrusion or abnormal activity, the prevention system works to deal with the intrusion. IDS is mainly categorized into two types: the host-based intrusion detection system (HIDS) and the network-based intrusion detection system (NIDS). There is also a third type, which is a combination of both (the hybrid intrusion detection system). An HIDS works to detect threats on a single host; that is, it only checks for intrusion on that host. An NIDS observes data flows and data packets on a network segment, which means it checks a number of hosts at the same time. So an NIDS deals with a large number of users and a large amount of data, and because of this it is difficult to manage and classify the data manually. Sometimes labeled data is obtained by simulating intrusions, but this can only be performed with a set of known attacks. New types of attacks may occur in the future, and these cannot be handled this way. If manual classification is performed, we can identify only the known attacks. To solve all these deficiencies, we require a technique for detecting intrusions when our training data is unlabeled, and also for detecting new and unknown types of intrusions. A method that offers to remove all these deficiencies is anomaly detection. Anomaly detection finds anomalies in the data (i.e., data instances that deviate from normal or regular ones). It also helps us to find new types of attacks. It is very difficult, or almost impossible, to detect a malicious act by someone who is an authorized user of the network and who uses it as a legitimate user. It cannot be said confidently whether a person using the system is a particular user or not. Sometimes a password may have been stolen. In that case it becomes very difficult to differentiate between legitimate users and misfeasors. With all these assumptions, we design a system whose task is to form clusters from the given input data. It then labels those clusters as either normal or anomalous according to their content, and uses these clusters to classify network data instances as either normal or anomalous. For training and testing we use the 10% KDDCup’99 dataset [2], a very well-known and popular intrusion attack dataset. Most clustering techniques assume a very precise distinction between clusters, so that one pattern can belong to only one cluster at a time [18,19]. This largely rules out objects existing in multiple clusters. For this reason, fuzzy clustering can be used to overcome these weaknesses. With fuzzy logic, the membership value of a pattern in a given cluster lies between 0 and 1. In this paper we aim to propose a neural network based algorithm which is capable of finding unseen attacks and identifying new attacks.

RELATED WORK

In a cloud computing environment, security is one of the main aspects of concern. In previous works we can see that researchers are trying to find various encryption techniques to improve the security of the system. Brian Hay et al. [6] worked on data integrity, focusing mainly on data authentication, and also on querying and outsourcing of encrypted data. Their work shows that risks and problems can arise in operational trust modes and at the time of resource sharing. They said that new attack strategies and digital forensics are also under threat. Safely encrypted communication channels are used for cloud storage in trust modes, and computation is performed on encrypted data, which is called homomorphic encryption. New attack strategies such as Virtual Machine Introspection (VMI) can also be used at the virtualization layer; it helps to process and alter the data. By using digital forensics techniques, namely the ephemeral nature of cloud resources and seizing a “system” for examination, the issue can be clarified. John C. Mace et al. [7] have defined an automated, dynamic, policy-based technique whose work is to choose where to run workflow instances and store data, while at the same time providing audit data to verify policy compliance and avoid prosecution. Their work also proposed an automated tool for quantifying information security policy implications, which helps policy-makers form more justifiable and financially beneficial security policy decisions. In an enterprise, Service Oriented Architecture is used to achieve workflow deployment. In public cloud environments, to achieve efficiency and productivity, cloud computing uses approaches like retaining control, setting policy, and monitoring and runtime security. Security assessment, workflow deployment, policy assignment, audit data and policy analysis are some examples of dynamic deployment approaches in the public cloud. Qiang Guo et al. [8] proposed a definition for trust in cloud computing and discussed various issues related to trust. An extensible trust evaluation model named ETEC has been proposed. It includes a time-variant comprehensive evaluation process for expressing direct trust and a space-variant evaluation process for calculating recommendation trust. An algorithm based on the ETEC model is also shown. This model calculates the trust degree effectively and reasonably in cloud computing environments. Bakshi et al. [9] proposed another cloud intrusion detection solution. The main concern was to protect the cloud from DDoS attacks. The model uses an installed intrusion detection system on the virtual switch and when a DDoS attack is detected. Xie [10] used a Support Vector Machine (SVM) in spam detection. They found two optimal parameters, cost and gamma. They used a good method for selecting proper values for them, called “grid search”, i.e., searching for the values of certain parameters over supplied parameter ranges. Although they performed parameter optimization, their detection rates were too low. They also did not perform feature selection.

FUNDAMENTAL THEORY

Intrusion Detection System

An intrusion detection system (IDS) continuously monitors actions in a certain environment and decides whether they are part of a possible hostile attack or a legitimate use of the environment. The environment may be a computer, several computers connected in a network, or the network itself. The IDS analyzes various kinds of information about actions emanating from the environment and evaluates the probability that they are symptoms of intrusions. Such information includes, for example, configuration information about the current state of the system, audit information describing the events that occur in the system (e.g., the event log in Windows XP), or network traffic. There are many measures for evaluating performance. Some of them are the true positive (TP) rate, that is, the percentage of intrusive actions (e.g., error-related pages) detected by the system; the false positive (FP) rate, which is the percentage of normal actions (e.g., pages viewed by normal users) that the system incorrectly identifies as intrusive; and accuracy, which is the percentage of alarms found to represent abnormal behavior out of the total number of alarms. In the current research, the TP, FP and accuracy measures were adopted to evaluate the performance of the new methodology.

Network Profiling

In a network, data traffic always increases, and because of that the chances of attacks can also increase. If the IDS is not updated with new signatures, it will not be able to find them. Network profiling is a technique which helps to deal with this problem. It does so by defining the labels of new signatures. But network profiling also faces some problems: it has to group the attacks which continuously arrive in the network according to their types. To remove those problems, data mining techniques like clustering and classification are used.

Clustering Techniques

Cluster analysis is the process of partitioning data objects (records, documents, etc.) into meaningful groups or clusters. The partitions are formed in such a way that one cluster contains objects which have similar attributes and another cluster contains objects with dissimilar attributes. Clustering is often known as unsupervised classification of unlabeled patterns (observations, data items or feature vectors), so in the training set no class labels are associated with the objects. Clustering results in a compact representation of large data sets (e.g., collections of visited web pages) by a small number of cluster centroids. Applications of clustering include data mining, document retrieval, image segmentation, and pattern classification (Jain et al. 1999). Thus, clustering of web documents viewed by internet users can reveal collections of documents which belong to the same topic. Sequeira and Zaki (2002) have shown that clustering can be used for anomaly detection: the normality of a new object can be evaluated by its distance from the most similar cluster, under the assumption that all clusters are based on ‘normal’ data only. A good clustering method [13] produces good quality clusters in which the intra-class similarity is high and the inter-class similarity is low. The quality of clusters depends on both the similarity measure used by the method and its implementation, and it is also measured by its ability to discover hidden patterns. The main idea of clustering algorithms is to create a finite number of clusters, each with its own center, that together contain the given data set, where every cluster represents a group of similar objects. Every cluster encapsulates a set of data, and the similarity of the enclosed data is their distance to the cluster center. Typically, clustering techniques [16] can be divided into two classes: pairwise clustering and central clustering. The former, also known as similarity-based clustering, groups similar data instances together based on a data-pairwise proximity measure.
Examples of this class include graph partitioning-type methods. The latter, also known as centroid-based or model-based clustering, represents every cluster by a model, known as its “centroid”. Central clustering algorithms [3,11,12] are typically more efficient than similarity-based clustering algorithms. We choose centroid-based clustering over similarity-based clustering. We could not efficiently get a desired number of clusters, e.g., one hundred as set by users. Similarity-based algorithms typically have a complexity of at least O(n²) (for computing the data-pairwise proximity measures), where n is the number of data instances.

Classification

Classification is the task of assigning objects to one of several categories. A classification model can predict the class label of an unknown object. Classification is often used in biology and in financial studies. In classification, datasets are divided into a search domain and new samples. A classification technique builds a classification model from the search domain and decides the class label for each given input object. Some classification algorithms are Nearest Neighbor, Decision Tree, and Support Vector Machine (SVM) [10].

PROPOSED APPROACH

We propose neural network based algorithms for network intrusion detection in the cloud computing environment.

Multilayer Perceptron Algorithm

In this section the architecture of a feed-forward neural network is presented. The multilayer perceptron algorithm [7, 8] is a widely used learning method in artificial neural networks. The feed-forward neural architecture has high accuracy and generalization ability and can handle a variety of problems. This algorithm is based on the error-correction learning rule. Error propagation consists of two passes through the different layers of the network: a forward pass and a backward pass. In the forward pass, the input vector is applied to the sensory nodes of the network and its effect propagates through the network layer by layer. Finally, a set of outputs is produced, which is based on the actual response of the network. During the forward pass the synaptic weights of the network are all fixed. During the backward pass the synaptic weights are all adjusted in accordance with an error-correction rule. The actual response of the network is subtracted from the desired response to produce an error signal. This error signal is then propagated backward through the network, against the direction of the synaptic connections. The synaptic weights are adjusted to make the actual response of the network move closer to the desired response.

Algorithm

The multilayer perceptron learning algorithm works on the concept of the back-propagation rule, which we have discussed earlier. The algorithm can be implemented in any programming language, and applets can be designed in Java. The algorithm uses an activation function; here we take the sigmoid function f(net) because it has a simple derivative.

Algorithm

Step 1: Initialize Weights and Thresholds. All weight and threshold values are randomly selected.

Step 2: Present Input and Desired Output. Present input $X_p = x_0, x_1, x_2, \ldots, x_{n-1}$ and target output $T_p = t_0, t_1, \ldots, t_{m-1}$, where n is the number of input nodes and m is the number of output nodes. Set $w_0$ to be $-\theta$, the bias, and the value of $x_0$ to be always 1. For pattern association, $X_p$ and $T_p$ represent the patterns to be associated. For classification, $T_p$ is set to zero except for one element set to 1 that corresponds to the class that $X_p$ is in.

Step 3: Calculate the Actual Output. Each layer calculates the following:

$$y_{pj} = f\left[w_0 x_0 + w_1 x_1 + \cdots + w_n x_n\right]$$

This is then passed to the next layer as an input. The final layer outputs values $o_{pj}$.

Step 4: Adapt Weights. Starting from the output, we now work backwards:

$$w_{ij}(t+1) = w_{ij}(t) + \eta\,\delta_{pj}\,o_{pj}$$

where $\eta$ is a gain term and $\delta_{pj}$ is an error term for pattern p on node j.

For output units:

$$\delta_{pj} = k\,o_{pj}(1 - o_{pj})(t - o_{pj})$$

For hidden units:

$$\delta_{pj} = k\,o_{pj}(1 - o_{pj})\left[\delta_{p0} w_{j0} + \delta_{p1} w_{j1} + \cdots + \delta_{pk} w_{jk}\right]$$

where the sum (in the brackets) is over the k nodes in the layer above node j.

Step 5: Use simple majority of the category of nearest neighbors as the prediction value of the new sample.
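The weight initialization, forward pass and weight adaptation steps above, applied to 1-to-N encoded connection records, look as follows in code. This is an added example, not the authors' Visual Basic implementation: the records, the three flag values, the network size and all function names are constructed for illustration, t is taken to be the target component for the output node, and each weight update multiplies by the activation arriving on that weight, as in standard back-propagation.

```python
import math
import random

FLAGS = ["SF", "S0", "REJ"]        # constructed subset of connection-flag values
CLASSES = ["normal", "attack"]

# Constructed records (duration s, source bytes, flag, label); not KDD data.
RECORDS = [
    (2, 300, "SF", "normal"), (5, 1200, "SF", "normal"), (30, 4500, "SF", "normal"),
    (1, 150, "SF", "normal"), (12, 2200, "SF", "normal"),
    (0, 0, "S0", "attack"), (0, 0, "REJ", "attack"), (0, 20, "S0", "attack"),
    (1, 0, "REJ", "attack"), (0, 40, "S0", "attack"),
]


def encode(duration, src_bytes, flag):
    """Scale numeric features to [0, 1] and 1-to-N encode the categorical flag."""
    return ([min(duration / 60.0, 1.0), min(src_bytes / 5000.0, 1.0)]
            + [1.0 if flag == f else 0.0 for f in FLAGS])


def one_hot(label):
    """Target T_p: zero everywhere except the element for the record's class."""
    return [1.0 if label == c else 0.0 for c in CLASSES]


class MLP:
    def __init__(self, n_in, n_hidden, n_out, eta=0.5, k=1.0, seed=7):
        rng = random.Random(seed)
        self.eta, self.k = eta, k
        # Step 1: random weights. Column 0 of each row is w0 = -theta, paired with x0 = 1.
        self.w_hid = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)]
                      for _ in range(n_hidden)]
        self.w_out = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden + 1)]
                      for _ in range(n_out)]

    def _layer(self, weights, inputs):
        # Step 3: y = f(w0*x0 + w1*x1 + ...), with f the sigmoid 1 / (1 + e^(-k*net)).
        x = [1.0] + inputs
        return [1.0 / (1.0 + math.exp(-self.k * sum(w * v for w, v in zip(row, x))))
                for row in weights]

    def forward(self, x):
        hidden = self._layer(self.w_hid, x)
        return hidden, self._layer(self.w_out, hidden)

    def train_pattern(self, x, target):
        """One forward and one backward pass; returns the squared error before the update."""
        hidden, out = self.forward(x)
        # Output units: delta = k * o * (1 - o) * (t - o), t being the target for that node.
        d_out = [self.k * o * (1 - o) * (t - o) for o, t in zip(out, target)]
        # Hidden units: delta = k * o * (1 - o) * sum over the layer above of delta * w.
        d_hid = [self.k * h * (1 - h)
                 * sum(d * row[i + 1] for d, row in zip(d_out, self.w_out))
                 for i, h in enumerate(hidden)]
        # Step 4: w(t+1) = w(t) + eta * delta * activation arriving on that weight.
        for row, d in zip(self.w_out, d_out):
            for i, a in enumerate([1.0] + hidden):
                row[i] += self.eta * d * a
        for row, d in zip(self.w_hid, d_hid):
            for i, a in enumerate([1.0] + x):
                row[i] += self.eta * d * a
        return sum((t - o) ** 2 for o, t in zip(out, target))

    def predict(self, x):
        _, out = self.forward(x)
        return CLASSES[out.index(max(out))]


def train(records=RECORDS, epochs=2000):
    """Train on the records; returns (network, first-epoch error, last-epoch error)."""
    data = [(encode(d, b, f), one_hot(lbl)) for d, b, f, lbl in records]
    net = MLP(n_in=len(data[0][0]), n_hidden=3, n_out=len(CLASSES))
    errors = []
    for _ in range(epochs):
        errors.append(sum(net.train_pattern(x, t) for x, t in data))
    return net, errors[0], errors[-1]


if __name__ == "__main__":
    net, first, last = train()
    print(f"summed squared error: epoch 1 = {first:.3f}, epoch 2000 = {last:.4f}")
    print(net.predict(encode(0, 10, "REJ")), net.predict(encode(8, 900, "SF")))
```

The hidden-layer deltas are computed before the output weights are changed, so the backward pass uses the same weights the forward pass used.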

EVALUATION MEASURES

The performance of the algorithm can be evaluated with the help of evaluation measures. We use the following measures to evaluate the proposed technique.



True Positive Rate (TP)

It is also called completeness or detection rate: the percentage of truly detected attacks. The total number of intrusions that occur in the system is taken, and we find how many of them are correctly flagged.

False Positive Rate (FP)

Here the total number of events is considered, and the share of them that are wrongly flagged as intrusive is known as the false positive rate, i.e., the percentage of non-intrusive data receiving a rating above the threshold and wrongly suspected as intrusions.

Accuracy

Accuracy is calculated from the total number of intrusions and the number of intrusions which are correctly flagged. Since no benchmark data on content-based intrusion detection is currently available, the results are compared to the best numbers achieved with MLP, which is a command-level method using the Means clustering algorithm to detect intruders.

EXPERIMENTAL RESULTS

Data Set Description

The main aim of this work is to examine and improve the learning capabilities of the intrusion detection system: we want to improve the performance of the IDS by using a neural network based technique in place of a data mining technique. Here the MLP algorithm is compared to the clustering-based K-Mean algorithm using the full set of samples taken from the KDD Cup98 dataset, which has 5000 samples. The actual dataset has 5 million records. These are based on various attacks; a 1% sample has about 5000 records, which we have used in our experiment.

Data Preprocessing

Each record in the K-DD-98 data set represents a distinct connection between two network hosts, carried over a few well-defined network protocols. Every connection is represented by 41 features. These include the basic features of individual TCP connections, the content features, number of bytes, number of transferred bytes, etc. Column 2 holds features of the KDD-98 data set, namely transmitted bytes and flag. We focus on anomaly detection with an unsupervised learning algorithm. That is why all records tagged as attack are considered intrusions, while the remaining records are treated as normal. The labels are only used for evaluating the detection performance of the algorithm; they are not used during the clustering process. The clustering technique used in our comparative study has the limitation that it cannot handle categorical data, so categorical features like flag in the data set are converted using the 1-to-N encoding technique.

Empirical Setting

The K-Means [16, 17] and MLP algorithms are written in Visual Basic .NET 2008 as front end with MS-Access as back end, and these are compiled into mix files. MLP algorithms have features like vector programming and active optimization, and because of this they are relatively efficient.
The experiments require a PC with a 3.06 GHz Pentium-4 CPU and 1 GB DRAM running Windows XP. For the MLP technique, we take the learning rate m = 0.5. We have done empirical studies with a total of 100 clusters, which helps us study the effect of the total number of clusters on the IDS result. To assess the quality of clustering we have taken computation time as a measure. The purity of a cluster is defined as the percentage of the most dominant instance category in the cluster, and the average purity is the mean over all clusters. Its value varies between 0 and 1, and a higher value means better purity. We also recorded and compared the run time of each algorithm. Each experiment is run five times. To evaluate the intrusion detection results, we find the detection rate, which is the percentage of all intrusive instances that are detected, i.e., labeled as attacks. We also find the false positive rate, which is the percentage of normal instances that are labeled as attacks. We also plot this in a graph, by varying the parameter used in the detection method. It shows the relation between the false positive rate and the detection rate.

EXPERIMENT ANALYSIS

We have compared both clustering algorithms on the complete data set of 5000 records. The computation times for the clustering algorithms with 100 clusters are shown in Table 1.

Experiment 1

In this experiment, we investigate the computation time of the MLP algorithm and the K-Mean algorithm. In the training phase, we cluster the training data. After the training phase is done, every cluster is given a label according to the majority type of data present in the cluster. For example, if more than 50% of the data in a cluster are found to be intrusive, then we label the cluster and its centroid weight vector as intrusion. The MLP algorithm gives better performance than the other techniques: it is better in terms of computation time, with much less run time. We have compared the results for 100 clusters; the result is shown in Table 1. Comparing the results for 100 clusters, we observe that K-Means takes more execution time than the MLP algorithm. This experiment is run on each individual cluster on the KDD98 data set. This data set contains only numeric values, not categorical values. The MLP algorithm is faster than K-Mean.

Table 1

| Cluster | K-Mean Algorithm Time (ms) | MLP Algorithm Time (ms) |
|---------|----------------------------|-------------------------|
| 20      | 68                         | 61                      |
| 40      | 87                         | 72                      |
| 60      | 92                         | 81                      |
| 80      | 100                        | 90                      |
| 100     | 103                        | 101                     |

Figure 1: Clustering Results with 100 Clusters with Time Efficiency

Since our aim is to detect network intrusion using clustering algorithms [10], we now analyze the unsupervised intrusion detection accuracies, or times, for detecting unseen or new attacks. We sort the clusters in decreasing order of their possibility of being normal. The data instances in the clusters are sorted in the same way.



This possibility of a cluster being normal is calculated from the distance to the centroid of the largest cluster. The sorted data is then divided into two categories, normal and intrusive, at cutting points. The graph is constructed from this. Figure 1 shows that the decline of time is fast when the value of k is very small, since the instances in the same cluster may be quite different from each other. Splitting clusters can significantly decrease the value of time. After k reaches the turning point, the decline of time becomes slow. At this point, the data set may have been well partitioned. As k increases further, the data set will be partitioned into smaller clusters, which are closer to each other. Thus, increasing k after the turning point will not greatly decrease the value of computation time. We intend to find the optimal number of clusters to make the sc as small as possible and the sp as large as possible.

Experiment 2

Now we find the detection rate of the K-Mean and MLP algorithms. To evaluate the accuracy of a system, we use two indicators, which were used in: Detection Rate (DR) and False Alarm Rate (FAR). DR equals the number of intrusions detected divided by the total number of intrusions in the data set.
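The majority labelling rule from Experiment 1 (a cluster with more than 50% intrusive members is labelled as intrusion), the average purity from the empirical setting, and the detection and false positive rates can be computed as shown below. This is an added example, not the authors' implementation: the centroids and two-feature records are constructed, the function names are illustrative, and treating an empty cluster as normal is an assumption.

```python
import math
from collections import Counter

# Constructed centroids, standing in for the output of a clustering run.
CENTROIDS = [(0.1, 0.1), (0.9, 0.9), (0.5, 0.1), (0.1, 0.9)]

# Constructed training records: (feature vector, ground-truth label).
TRAIN = [
    ((0.10, 0.20), "normal"), ((0.00, 0.10), "normal"), ((0.20, 0.10), "normal"),
    ((0.15, 0.05), "attack"),                               # cluster 0: 3 normal, 1 attack
    ((0.90, 0.80), "attack"), ((1.00, 0.90), "attack"), ((0.80, 0.95), "attack"),
    ((0.50, 0.00), "attack"), ((0.55, 0.10), "normal"),
    ((0.45, 0.15), "attack"), ((0.60, 0.10), "attack"),     # cluster 2: 3 attack, 1 normal
    ((0.10, 0.80), "attack"), ((0.10, 1.00), "normal"),     # cluster 3: exactly 50% attack
]

# Constructed test records. Labels are used only for scoring, never for clustering.
TEST = [
    ((0.95, 0.85), "attack"), ((0.50, 0.05), "attack"),
    ((0.05, 0.15), "attack"), ((0.12, 0.85), "attack"),
    ((0.10, 0.10), "normal"), ((0.20, 0.20), "normal"), ((0.52, 0.12), "normal"),
    ((0.00, 0.00), "normal"), ((0.15, 0.95), "normal"),
]


def nearest(centroids, x):
    """Index of the centroid closest to x (Euclidean distance)."""
    return min(range(len(centroids)), key=lambda c: math.dist(centroids[c], x))


def label_clusters(centroids, train):
    """Label each cluster by majority and return (labels, average purity).

    A cluster is 'attack' only if MORE than 50% of its members are attacks,
    so an exact 50/50 split stays 'normal'.
    """
    members = {c: [] for c in range(len(centroids))}
    for x, y in train:
        members[nearest(centroids, x)].append(y)
    labels, purities = {}, []
    for c, ys in members.items():
        if not ys:
            labels[c] = "normal"      # assumption: an empty cluster gives no evidence of attack
            continue
        counts = Counter(ys)
        labels[c] = "attack" if counts["attack"] / len(ys) > 0.5 else "normal"
        purities.append(max(counts.values()) / len(ys))   # share of the dominant category
    return labels, sum(purities) / len(purities)


def evaluate(centroids, labels, test):
    """Classify each test record by its nearest cluster's label; return (DR, FP rate)."""
    tp = fp = n_attack = n_normal = 0
    for x, y in test:
        flagged = labels[nearest(centroids, x)] == "attack"
        if y == "attack":
            n_attack += 1
            tp += flagged
        else:
            n_normal += 1
            fp += flagged
    detection_rate = tp / n_attack if n_attack else 0.0
    false_positive_rate = fp / n_normal if n_normal else 0.0
    return detection_rate, false_positive_rate


if __name__ == "__main__":
    labels, purity = label_clusters(CENTROIDS, TRAIN)
    print(labels, purity, evaluate(CENTROIDS, labels, TEST))
```

Attacks that fall into a cluster dominated by normal traffic are missed, which is how a lower purity translates into a lower detection rate.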

We partitioned 5000 instances of KDD-99 data using the K-Mean algorithm and the MLP algorithm with different initial values of k. The detection rates of the K-Mean algorithm and MLP are:

Table 2: Summary Detection Results with 100 Clusters

| Cluster | K-Mean Algorithm | MLP Algorithm |
|---------|------------------|---------------|
| 20      | 85               | 90            |
| 40      | 75               | 80            |
| 60      | 69               | 76            |
| 80      | 63               | 73            |
| 100     | 61               | 72            |

Table 2 shows that the K-Mean algorithm has a lower detection rate than the MLP algorithm. An algorithm used in an intrusion detection system is good when it has a low false positive rate and a high detection rate. The MLP algorithm may reduce the false positives, and it has a high detection rate for detecting unseen or new attacks. The graphs for the K-Means and MLP algorithms are omitted for comprehensibility and better visualization, particularly because they are visibly worse.

Figure 2: Detection Rate of the K-Mean Algorithms and MLP Algorithm

Figure 2 shows the graph of the detection rate of the K-Mean and MLP algorithms with 100 clusters. It can be seen that for 100 clusters, the MLP algorithm has a higher detection rate than K-Mean.



CONCLUSIONS

An approach for a neural network based intrusion detection system, intended to classify normal and attack patterns and the type of the attack, has been presented in this paper. We applied the MLP method, which increased the generalization capability of the neural network and at the same time decreased the training time. It should be mentioned that the long training time of the neural network was mostly due to the huge number of training vectors of computation facilities. Once the parameters of the neural network have been determined by training, a single record can be classified in a very short time. Therefore, an IDS based on a neural network can work as an online classifier. It can easily detect the attack types that it has been trained for. The only thing that makes this neural network off-line is the time needed to gather the information necessary to compute the features. In this paper we introduce MLP in a cloud to protect users. The algorithm is intended to be scalable by allowing different formats of data to be applied to the MLP for a more reliable IDS solution. The implemented MLP is just a first step in the direction of a complex CIDS. An interesting future topic is the implementation of a fully functional MLP on a real internet testbed and cloud infrastructure. To apply the deployment in practice, performance and scalability issues need to be considered as the next step.

REFERENCES

1. Mahesh S, Mahesh T R, M Vinayababu (2010) “Using Data Mining Techniques for Detecting terror related activities on the web”, Journal of Theoretical and Applied Information Technology.

2. Abbasi, A., & Chen, H. (2005). Applying authorship analysis to extremist group Web forum messages. IEEE Intelligent Systems, Special Issue on Artificial Intelligence for National and Homeland Security, 20(5), 67–75.

3. Baumes, J., Goldberg, M., Hayvanovych, M., Magdon-Ismail, M., Wallace, W., & Zaki, M. (2006). Finding hidden group structure in a stream of communications. In S. Mehrotra, D.D. Zeng, & H. Chen (Eds.), Proceedings of the IEEE Conference on Intelligence and Security Informatics (pp. 201–212). Los Alamitos, CA: IEEE.

4. Chen, H. (2006). Intelligence and security informatics: Information systems perspective. Decision Support Systems: Special Issue on Intelligence and Security Informatics, 41(3), 555–559.

5. Chen, H., Qin, J., Reid, E., Chung, W., Zhou, Y., Xi, W., et al. (2004). The dark Web portal: Collecting and analyzing the presence of domestic and international terrorist groups on the Web. In W.T. Scherer & B.L. Smith (Eds.), Proceedings of the 7th IEEE International Conference on Intelligent Transportation Systems (pp. 106–111).

6. Brian Hay, Kara Nance, Matt Bishop, “Storm Clouds Rising: Security Challenges for IaaS Cloud Computing”, Proceedings of the 44th Hawaii International Conference on System Sciences, 2011. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner, “State of the Practice of Intrusion Detection Technologies”, CMU/SEI-99-TR-028, Carnegie Mellon Software Engg. Institute, 2000.

7. John C. Mace, Aad van Moorsel, Paul Watson, “The Case for Dynamic Security Solutions in Public Cloud Workflow Deployments”, School of Computing Science & Centre for Cybercrime and Computer Security (CCCS), Newcastle University, Newcastle upon Tyne, NE1 7RU, UK.

8. Qiang Guo, Dawei Sun, Guiran Chang, Lina Sun, Xingwei Wang, “Modeling and Evaluation of Trust in Cloud Computing Environments”, School of Information Science and Engineering, Northeastern University, Shenyang, P.R. China, Computing Center, Northeastern University, Shenyang, P.R. China, 2011 3rd International Conference on Advanced Computer Control (ICACC 2011).

9. Bakshi, Chun-Chieh Huang, Joy Ku, “A Cooperative Intrusion Detection System Framework for Cloud Computing Networks”, 39th International Conference on Parallel Processing Workshops, 2010.

10. Y. Xie. An Introduction to Support Vector Machine and Implementation in R. May 2007.

11. Wikipedia, Cluster Analysis, http://en.wikipedia.org/wiki/cluster_analysis.

12. Johan Zeb Shah and Naomie bt Salim, “Fuzzy clustering algorithms and their application to chemical datasets”, in Proc. of the Post Graduate Annual Research Seminar 2005, pp. 36-40.

13. Zhengxin Chen, “Data Mining and Uncertain Reasoning: An Integrated Approach”, Wiley, 2001.

14-15. Witcha Chimphlee, et al. “Un-supervised Clustering methods for identifying Rare Events in Anomaly detection”, in Proc. of World Academy of Science, Engg. and Tech (PWASET), Vol. 8, Oct 2005, pp. 253-258.

16. J. Bezdek, “Pattern Recognition with Fuzzy Objective Function Algorithms”, Plenum Press, USA, 1981.

17-18. S. Albayrak and Fatih Amasyali, “Fuzzy C-Means clustering on medical diagnostic Systems”, International XII Turkish Symposium on Artificial Intelligence and Neural Networks, TAINN-2003.

19. Witold Pedrycz, “Knowledge Based Clustering”, John Wiley & Sons Inc., 2005. ISBN: 0-471-46966-1.

