Enhanced intrusion detection system via agent clustering and classification based on outlier detection

S. Sandosh 1, V. Govindasamy 2, G. Akila 1

Received: 19 April 2019 / Accepted: 23 September 2019
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

The rapid evolution of cloud computing technology has enabled seamless connection of devices on a broad spectrum. It also enables storage of massive quantities of data in the form of data centers. This suggests a shared pool of resources where users situated all over the world have access to the aforementioned data centers. Such a framework has cyber-security challenges, since it becomes vulnerable to external attacks. There arises a need for an Intrusion Detection System (IDS) to protect the system from unwanted and malicious attacks. However, existing IDS have not been able to efficiently combine high accuracy with low complexity and time efficiency. In order to overcome these challenges, an Enhanced Intrusion Detection System via Agent Clustering and Classification based on Outlier Detection (EIDS-ACC-OD) is proposed. First, preprocessing is performed to remove unwanted spaces using outlier detection. Then a modified K-means clustering algorithm is developed for data segmentation. Further, K-Nearest Neighbor (KNN) is utilized for categorization of the attacks.

Keywords: Intrusion detection system (IDS) . Agent Clustering & Classification (ACC) . Outlier detection (OD) . K-nearest neighbour (KNN)

1 Introduction

Recently, the open and distributed structure of cloud computing and its services have turned out to be an attractive target for possible cyber-attacks by intruders. Traditional Intrusion Detection and Prevention Systems (IDPS) are generally considered ineffective in cloud computing environments because of the dynamicity, virtualization and openness of the services offered.
Normally, cloud resources are dynamic, scalable, and virtualized, so providing security to the cloud is one of the important problems [1]. Computer attacks have become prevalent these days. Just owning a computer that is connected to the World Wide Web increases the chance of attack significantly. The more sensitive the information stored in a computer network, the higher the possibility of attack. In order to address the growing trend of computer attacks and to give a possible response to the threat, network traffic activity is closely scrutinized. The practice of intrusion detection includes pursuing significant events that occur in a computer network and analyzing them in order to identify the probable presence of intrusions. It can also be described as a combination of a set of practices and frameworks utilized to detect the errors that lead to security failure by anomaly and misuse detection. Further, it also incorporates anomaly and misuse detection with the intention of diagnosing intrusions and attacks.

One of the chief objectives of intrusion detection is to alert the designated administrators regarding suspicious activities [2]. There are also cases where these systems endeavor even to avoid the attacks. The unique set of rules utilized in an intrusion detection system basically differs from other frameworks such as firewalls, access control or even encryption systems, which endeavor to safeguard the computer system. With the focus now shifting towards the enhancement of security measures, newer attack techniques are also on the rise [3]. Among these techniques, the Intrusion Detection System (IDS) has become the most significant component in the security mechanism. An IDS is defined as a system implemented for the purpose of analyzing and monitoring the communications in the network and detecting intrusions and anomalies [4].
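The abstract sketches a three-stage pipeline: outlier-based preprocessing, K-means segmentation of the cleaned data, and KNN labelling of the segments. The following is an added example written for this page, not the authors' EIDS-ACC-OD implementation: the Tukey far-out fences used as the outlier rule, the deterministic farthest-point seeding of K-means, the per-cluster KNN lookup, and the constructed flow records (packets per second, distinct destination ports) are all this example's own assumptions, since the paper's "modified K-means" and preprocessing details are not given in this section.

```python
"""
Toy version of the three-stage pipeline sketched in the abstract:
outlier-based preprocessing -> K-means segmentation -> KNN labelling.
Added example, not the paper's code. The Tukey-fence outlier rule, the
deterministic farthest-point K-means seeding and the per-cluster KNN
lookup are assumptions made for this illustration.
"""
from collections import Counter
from math import dist
from statistics import quantiles

# Constructed flow records: (packets_per_second, distinct_dst_ports), label.
# The last record is a corrupt measurement (999 distinct ports from one host).
RECORDS = [
    ((8, 1), "normal"), ((9, 2), "normal"), ((10, 2), "normal"), ((11, 1), "normal"),
    ((12, 3), "normal"), ((10, 3), "normal"), ((9, 1), "normal"), ((11, 2), "normal"),
    ((55, 38), "scan"), ((60, 42), "scan"), ((62, 40), "scan"), ((58, 45), "scan"),
    ((180, 1), "flood"), ((195, 2), "flood"), ((200, 1), "flood"),
    ((10, 999), "normal"),  # corrupt record, to be dropped in preprocessing
]


def tukey_fences(values, k=3.0):
    """Far-out Tukey fences [Q1 - k*IQR, Q3 + k*IQR]; k=3 is an assumption
    chosen so genuine attack traffic is not itself discarded as an outlier."""
    q1, _, q3 = quantiles(values, n=4)
    iqr = q3 - q1
    return q1 - k * iqr, q3 + k * iqr


def remove_outliers(records, k=3.0):
    """Drop any record with a feature value outside that feature's fences."""
    n_features = len(records[0][0])
    fences = [tukey_fences([r[0][i] for r in records], k) for i in range(n_features)]
    kept, dropped = [], []
    for point, label in records:
        inside = all(lo <= v <= hi for v, (lo, hi) in zip(point, fences))
        (kept if inside else dropped).append((point, label))
    return kept, dropped


def kmeans(points, k, max_iter=100):
    """Lloyd's K-means with deterministic farthest-point seeding (no RNG)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    members = [[] for _ in range(k)]
    for _ in range(max_iter):
        members = [[] for _ in range(k)]
        for p in points:
            members[min(range(k), key=lambda i: dist(p, centroids[i]))].append(p)
        new = [tuple(sum(x) / len(m) for x in zip(*m)) if m else c
               for m, c in zip(members, centroids)]
        if new == centroids:  # assignments stable -> converged
            break
        centroids = new
    return centroids, members


def build_segments(records, k):
    """Cluster the cleaned records; each segment keeps its labelled members."""
    centroids, members = kmeans([p for p, _ in records], k)
    label_of = dict(records)  # constructed points are distinct
    return centroids, [[(p, label_of[p]) for p in m] for m in members]


def knn_label(query, labelled, k=3):
    """Majority label among the k nearest labelled points."""
    nearest = sorted(labelled, key=lambda r: dist(query, r[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]


def classify(query, centroids, segments, k=3):
    """Route the query to its nearest cluster, then run KNN inside that segment only."""
    seg = min(range(len(centroids)), key=lambda i: dist(query, centroids[i]))
    return knn_label(query, segments[seg], k)


def run_pipeline(records=RECORDS, k_clusters=3):
    """Full pipeline on the constructed data; returns results for inspection."""
    clean, dropped = remove_outliers(records)
    centroids, segments = build_segments(clean, k_clusters)
    queries = [(10, 2), (59, 41), (190, 1)]  # constructed unseen flows
    return {
        "dropped": [p for p, _ in dropped],
        "cluster_sizes": sorted(len(s) for s in segments),
        "predictions": [classify(q, centroids, segments) for q in queries],
    }


if __name__ == "__main__":
    print(run_pipeline())
```

Running it shows the trade-off the preprocessing stage carries: with the standard 1.5×IQR fence the flood records (180 to 200 packets/s) would be discarded along with the corrupt one, so the fence multiplier has to be validated against labelled attack traffic rather than set by default.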
An outlier can be defined as a data point at which a difference from the rest of the dataset is observed based on the pre-

* S. Sandosh, ssandosh67@gmail.com
1 Department of Computer Science & Engineering, Pondicherry Engineering College, Puducherry, India
2 Department of Information Technology, Pondicherry Engineering College, Puducherry, India

Peer-to-Peer Networking and Applications, https://doi.org/10.1007/s12083-019-00822-3