Abstract
Intrusion Detection Systems (IDSs) can identify the malicious activities and anomalies in networks and present robust protection for these systems. Clustering of attacks plays an important role in defining IDS defense policies. A key challenge in clustering has been finding the optimal value for the number of clusters. In this paper, we propose an automatic clustering algorithm as part of an IDS architecture. This algorithm is based on concepts of coherence and separation. Our automatic clustering algorithms find clusters with the most similarity between the proposed cluster elements and the least similarity with other clusters. The proposed clustering is further optimized by considering two types of objective index functions, and Artificial Bee Colony (ABC), Particle Swarm Optimization (PSO), and Differential Evolution (DE) methods. Comparison of the results obtained with other work in the literature shows improvements in terms of the low average number of evaluations functions, high accuracy, and low computation cost.