I have two clusters, one for normal traffic and another for anomalous traffic. I got both clusters using K-means clustering. I want to compare both clusters with patterns of normal data to reduce false alarms. Which technique is better in this case: using similarity and dissimilarity measures, or pattern matching algorithms? I use the NSL-KDD dataset. Is there any other useful way in this case? Exact comparison will not give a result since we have different types of protocols and services.
Thank you.