Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

Tian Yi Yang; Shi Yue Liu; Jun Yi Liu

doi:10.1088/1742-6596/1284/1/012067

Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

Tian Yi Yang, Shi Yue Liu^*, Jun Yi Liu

^*此作品的通讯作者

自动化学院

Beijing Institute of Technology

科研成果: 期刊稿件 › 会议文章 › 同行评审

7 引用（Scopus）

摘要

This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.

源语言	英语
文章编号	012067
期刊	Journal of Physics: Conference Series
卷	1284
期	1
DOI	https://doi.org/10.1088/1742-6596/1284/1/012067
出版状态	已出版 - 22 8月 2019
活动	2019 3rd International Conference on Data Mining, Communications and Information Technology, DMCIT 2019 - Beijing, 中国期限: 24 5月 2019 → 26 5月 2019

访问文件

10.1088/1742-6596/1284/1/012067

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{ae155d5a817149f6ac8df5cc48790e1a,

title = "Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm",

abstract = "This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.",

author = "Yang, {Tian Yi} and Liu, {Shi Yue} and Liu, {Jun Yi}",

note = "Publisher Copyright: {\textcopyright} 2019 Published under licence by IOP Publishing Ltd.; 2019 3rd International Conference on Data Mining, Communications and Information Technology, DMCIT 2019 ; Conference date: 24-05-2019 Through 26-05-2019",

year = "2019",

month = aug,

day = "22",

doi = "10.1088/1742-6596/1284/1/012067",

language = "English",

volume = "1284",

journal = "Journal of Physics: Conference Series",

issn = "1742-6588",

publisher = "IOP Publishing Ltd.",

number = "1",

}

TY - JOUR

T1 - Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

AU - Yang, Tian Yi

AU - Liu, Shi Yue

AU - Liu, Jun Yi

PY - 2019/8/22

Y1 - 2019/8/22

N2 - This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.

AB - This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn't belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.

UR - http://www.scopus.com/inward/record.url?scp=85073529650&partnerID=8YFLogxK

U2 - 10.1088/1742-6596/1284/1/012067

DO - 10.1088/1742-6596/1284/1/012067

M3 - Conference article

AN - SCOPUS:85073529650

SN - 1742-6588

VL - 1284

JO - Journal of Physics: Conference Series

JF - Journal of Physics: Conference Series

IS - 1

M1 - 012067

T2 - 2019 3rd International Conference on Data Mining, Communications and Information Technology, DMCIT 2019

Y2 - 24 May 2019 through 26 May 2019

ER -

Network Traffic Anomaly Detection Based on Incremental Possibilistic Clustering Algorithm

摘要

访问文件

其它文件与链接

指纹

引用此