Anomaly detection model based on data stream clustering
Intrusion detection provides important protection for network security, and anomaly detection, as a type of intrusion detection, can recognize the pattern of normal behaviors and label behaviors that depart from the normal pattern as anomalous. Updates to network equipment and broadband speed have changed the object of data mining from static data sets to dynamic data streams. We think that traditional methods based on data sets do not satisfy the needs of a dynamic network environment. A network data stream is temporal and cannot be treated as a static data set. The concept and distribution of data objects vary across time stamps, and the changes are unpredictable. Therefore, we propose an improved data stream clustering algorithm and design an anomaly detection model based on the improved algorithm. The established model can be modified as the data stream changes and can detect anomalous behaviors in time.
Keywords: Intrusion detection, Anomaly detection, Data stream, Clustering
This work was funded by the National Natural Science Foundation of China (61373134, 61402234). It was also supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), Jiangsu Key Laboratory of Meteorological Observation and Information Processing (KDXS1105) and Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology (CICAEET). Prof. Jin Wang is the corresponding author. We declare that we do not have any conflicts of interest to this work.
Funding
This study was funded by the National Natural Science Foundation of China (Grant Number 61373134, 61402234).
Compliance with ethical standards
Conflict of interest
Chunyong Yin, Sun Zhang, Zhichao Yin and Jin Wang declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.