ANOMALY DETECTION USING FIREFLY HARMONIC CLUSTERING ALGORITHM

Mario H. A. C. Adaniya, Moises F. Lima, Lucas D. H. Sampaio, Taufik Abrão, Mario Lemes Proença Jr.

Abstract

The performance of communication networks can be affected by a number of factors including misconfiguration, equipments outages, attacks originated from legitimate behavior or not, software errors, among many other causes. These factors may cause an unexpected change in the traffic behavior, creating what we call anomalies that may represent a loss of performance or breach of network security. Knowing the behavior pattern of the network is essential to detect and characterize an anomaly. Therefore, this paper presents an algorithm based on the use of Digital Signature of Network Segment (DSNS), used to model the traffic behavior pattern. We propose a clustering algorithm, K-Harmonic means (KHM), combined with a new heuristic approach, Firefly Algorithm (FA), for network volume anomaly detection. The KHM calculate a weighting function of each point to calculate new centroids and circumventing the initialization problem present in most center based clustering algorithm and exploits the search capability of FA from escaping local optima. Processing the DSNS data and real traffic adata is possible to detect and point intervals considered anomalous with a trade-off between the 90% true-positive rate and 30% false-positive rate.

References

  1. Chandola, V., Banerjee, A., and Kumar, V. (2009). Anomaly detection: A survey. ACM Computing Surveys., 41(3).
  2. Fawcett, T. (2005). An introduction to ROC analysis. Pattern Recognition Letters, 27:861-874.
  3. Güngör, Z. and Ü nler, A. (2007). K-harmonic means data clustering with simulated annealing heuristic. Applied Mathematics and Computation, 184(2):199-209.
  4. Jain, A., Murty, M., and Flynn, P. (1999). Data clustering: A review. ACM Computing Survey, 31(3):264-323.
  5. Lima, M., Zarpela˜o, B., Sampaio, L., Rodrigues, J., Abra˜o, T., and Proenc¸a Jr., M. (2010). Anomaly detection using baseline and k-means clustering. In Software, Telecommunications and Computer Networks (SoftCOM), 2010 International Conference on, pages 305 -309.
  6. MacQueen, J. B. (1967). Some methods for classification and analysis of multivariate observations. In Proceedings of 5th Berkeley Symposium on Mathematical Statistics and Probability, pages 281-297.
  7. Patcha, A. and Park, J.-M. (2007). An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks: The International Journal of Computer and Telecommunications Networking, 51:3448-3470.
  8. Pham, D. T., Otri, S., Afify, A. A., Mahmuddin, M., and Al-Jabbouli, H. (2007). Data clustering using the bees algorithm. In Proc 40th CIRP Int. Manufacturing Systems Seminar, Liverpool.
  9. Proenc¸a, M. L., Coppelmans, C., Botolli, M., and de Souza Mendes, L. (2006). Security and reliability in information systems and networks: Baseline to help with network management., pages 149-157. Springer.
  10. Selim, S. Z. and Ismail, M. A. (1984). K-means type algorithms: A generalized convergence theorem and characterization of local optimality. IEEE Transactions on Pattern Analysis and Machine Intelligence, 6:81-86.
  11. Sequeira, K. and Zaki, M. (2002). Admit: anomalybased data mining for intrusions. In Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, KDD 7802, pages 386-395, New York, NY, USA. ACM.
  12. Yang, F., Sun, T., and Zhang, C. (2009). An efficient hybrid data clustering method based on k-harmonic means and particle swarm optimization. Expert Syst. Appl., 36(6):9847-9852.
  13. Yang, X.-S. (2008). Nature-Inspired Metaheuristic Algorithms. Luniver Press.
  14. Yang, X.-S. (2009). Firefly algorithms for multimodal optimization. In Stochastic Algorithms: Foundations and Applications, SAGA 2009, Lecture Notes in Computer Sciences, volume 5792, pages 169-178.
  15. Zarpela˜o, B. B., de Souza Mendes, L., Jr., M. L. P., and Rodrigues, J. J. P. C. (2009). Parameterized anomaly detection system with automatic configuration. In GLOBECOM, pages 1-6. IEEE.
  16. Zhang, B., Hsu, M., and Dayal, U. (1999). K-harmonic means - a data clustering algorithm. Technical Report HPL-1999-124, Hewlett-Packard Laboratories.
  17. Zhang, W., Yang, Q., and Geng, Y. (2009). A survey of anomaly detection methods in networks. In Computer Network and Multimedia Technology, 2009. CNMT 2009. International Symposium on, pages 1 -3.
Download


Paper Citation


in Harvard Style

H. A. C. Adaniya M., F. Lima M., D. H. Sampaio L., Abrão T. and Lemes Proença Jr. M. (2011). ANOMALY DETECTION USING FIREFLY HARMONIC CLUSTERING ALGORITHM . In Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011) ISBN 978-989-8425-69-0, pages 63-68. DOI: 10.5220/0003525800630068


in Bibtex Style

@conference{dcnet11,
author={Mario H. A. C. Adaniya and Moises F. Lima and Lucas D. H. Sampaio and Taufik Abrão and Mario Lemes Proença Jr.},
title={ANOMALY DETECTION USING FIREFLY HARMONIC CLUSTERING ALGORITHM},
booktitle={Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011)},
year={2011},
pages={63-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003525800630068},
isbn={978-989-8425-69-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Data Communication Networking and Optical Communication System - Volume 1: DCNET, (ICETE 2011)
TI - ANOMALY DETECTION USING FIREFLY HARMONIC CLUSTERING ALGORITHM
SN - 978-989-8425-69-0
AU - H. A. C. Adaniya M.
AU - F. Lima M.
AU - D. H. Sampaio L.
AU - Abrão T.
AU - Lemes Proença Jr. M.
PY - 2011
SP - 63
EP - 68
DO - 10.5220/0003525800630068