Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

Tian Yi Yang; Shi Yue Liu; Jun Yi Liu

doi:10.1088/1742-6596/1284/1/012067

Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

Tian Yi Yang, Shi Yue Liu^*, Jun Yi Liu

^*Corresponding author for this work

School of Automation

Beijing Institute of Technology

Research output: Contribution to journal › Conference article › peer-review

7 Citations (Scopus)

Abstract

This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.

Original language	English
Article number	012067
Journal	Journal of Physics: Conference Series
Volume	1284
Issue number	1
DOIs	https://doi.org/10.1088/1742-6596/1284/1/012067
Publication status	Published - 22 Aug 2019
Event	2019 3rd International Conference on Data Mining, Communications and Information Technology, DMCIT 2019 - Beijing, China Duration: 24 May 2019 → 26 May 2019

Access to Document

10.1088/1742-6596/1284/1/012067

Cite this

@article{ae155d5a817149f6ac8df5cc48790e1a,

title = "Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm",

abstract = "This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.",

author = "Yang, {Tian Yi} and Liu, {Shi Yue} and Liu, {Jun Yi}",

note = "Publisher Copyright: {\textcopyright} 2019 Published under licence by IOP Publishing Ltd.; 2019 3rd International Conference on Data Mining, Communications and Information Technology, DMCIT 2019 ; Conference date: 24-05-2019 Through 26-05-2019",

year = "2019",

month = aug,

day = "22",

doi = "10.1088/1742-6596/1284/1/012067",

language = "English",

volume = "1284",

journal = "Journal of Physics: Conference Series",

issn = "1742-6588",

publisher = "IOP Publishing Ltd.",

number = "1",

}

TY - JOUR

T1 - Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

AU - Yang, Tian Yi

AU - Liu, Shi Yue

AU - Liu, Jun Yi

PY - 2019/8/22

Y1 - 2019/8/22

N2 - This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.

AB - This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.

UR - http://www.scopus.com/inward/record.url?scp=85073529650&partnerID=8YFLogxK

U2 - 10.1088/1742-6596/1284/1/012067

DO - 10.1088/1742-6596/1284/1/012067

M3 - Conference article

AN - SCOPUS:85073529650

SN - 1742-6588

VL - 1284

JO - Journal of Physics: Conference Series

JF - Journal of Physics: Conference Series

IS - 1

M1 - 012067

T2 - 2019 3rd International Conference on Data Mining, Communications and Information Technology, DMCIT 2019

Y2 - 24 May 2019 through 26 May 2019

ER -

Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

Abstract

Access to Document

Other files and links

Fingerprint

Cite this