ISBN 978-952-5726-09-1 (Print)
Proceedings of the Second International Symposium on Networking and Network Security (ISNNS ’10)
Jinggangshan, P. R. China, 2-4 April 2010, pp. 089-092
An Anomaly Detection Method Based on Fuzzy C-means Clustering Algorithm
Linquan Xie 1, Ying Wang 1,2, Liping Chen 2, and Guangxue Yue 1,2,3
1 Jiangxi University of Science and Technology, Ganzhou, China
2 Jiaxing University, Jiaxing, China
3 Guangdong University of Business Studies, Guangzhou, China
Email: {lq_xie@163.com, wy363100506@sina.com}
Abstract—Anomaly detection based on network flow is the basis for anomaly monitoring and response applications, and it is also an important topic in the fields of network and security management. In this paper, the fuzzy C-means clustering (FCM) algorithm is applied to detect anomalies based on network flow. To address the problems of FCM, for example that it requires the number of clusters to be preset, is sensitive to initialization, and easily falls into a local optimum, the paper introduces methods that combine it with average information entropy, support vector machines, fuzzy genetic algorithms, etc. These hybrid algorithms can solve the problems mentioned and classify more accurately. Finally, based on current developments and the discussion of the research, the paper summarizes the trends in network flow anomaly detection.
Index Terms—network flow, anomaly detection, intrusion detection, anomaly analysis
I. INTRODUCTION
With the rapid expansion and growing popularity of the Internet, more and more information is transmitted and stored through the network. Understanding and studying the behavioral characteristics of Internet users has gradually attracted interest; it is also used to understand, manage and optimize various kinds of network resources, and it is an important basis for network planning and design. However, the improvement of network management technology lags behind the development of network application types. How to provide a safe, reliable and efficient service environment for the vast number of Internet users is a problem that network management needs to resolve. Network flow analysis came into being to resolve these issues: through statistical analysis of network flow, we can indirectly grasp the statistical behavior of the network. It can help network and security managers troubleshoot network anomalies, maintain normal network operation and ensure network security. At present, extensive research has been conducted on network flow anomaly detection, but the detection accuracy has been far from desirable. Nevertheless, anomaly detection plays an irreplaceable role in discovering unknown anomalies, network intrusion detection and network failure detection, etc.
II. METHODS OF THE ANOMALY DETECTION BASED ON THE NETWORK FLOW
Related research on network flow anomaly detection in recent years can be summarized into the following methods: methods based on features/behavior, anomaly detection based on statistics, methods based on machine learning, methods based on data mining, etc. The latter three methods construct models of normal behavior and detect anomalies by comparison with the normal model, so they can effectively find both known and unknown attacks. With continuing research on intrusion detection, substantial results have been obtained; at the same time, people have come to realize the pervasive problems of intrusion detection: the rate of detection cannot meet the requirements of modern high-speed network communications, intrusion detection systems (IDS) have high rates of false alarms and missed reports, the IDS lacks active defense, and there is not enough interaction with other network security devices. To solve the above problems, research on intrusion detection has naturally developed in distributed, intelligent and comprehensive directions.
III. ANOMALY DETECTION OF NETWORK FLOW BASED ON FUZZY C-MEANS CLUSTERING (FCM) ALGORITHM
How to provide a safe, reliable and efficient service environment for the vast number of Internet users is a problem that network management needs to resolve. With the rapid development of network technology and the continuous improvement of intrusion techniques, new kinds of attack emerge endlessly. In order to detect and defend against unknown attacks, intelligent methods such as data mining, neural networks, support vector machines, intelligent agents, etc. have become the focus of intrusion detection and have been widely used.
Cluster analysis is used to discover hidden patterns in instance data and to detect meaningful characteristics of intrusions. How to accurately identify the intruder or the intrusion is the research topic of anomaly intrusion detection. Among the many algorithms applied to anomaly detection, the fuzzy C-means clustering (FCM) algorithm becomes a hot
© 2010 ACADEMY PUBLISHER
AP-PROC-CS-10CN006