Multi-way Association Clustering Analysis on Adaptive Real-Time Multicast Data

  • Sheneela Naz
  • Sohail Asghar
  • Simon Fong
  • Amir Qayyum
Part of the Communications in Computer and Information Science book series (CCIS, volume 136)


Classification of real time multicast data using payload-based analysis is becoming increasingly difficult with many applications that a network supports. In this paper, we set our goal to identify the recurrent patterns and classification of transport layer data, as an effective measure of anomaly-based intrusion detection. These patterns are identified by using association rules techniques such as Apriori and clustering algorithms. A simulation experiment was configured to verify the efficacy of the algorithms. We are able to find an association between flow parameters for network traffic from the simulated data. This paper contributes a possible approach of analyzing behavior patterns for building a network traffic intrusion detection system and firewall at Transport layer, by using unsupervised association rule mining and clustering techniques.


Clustering association rules real-time multicast network security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaudhary, U.K., Papapanagiotou, I., Devetsikiotis, M.: Flow Classification Using Clustering and Association Rule Mining (2010)Google Scholar
  2. 2.
    Erman, J., Arlitt, M., Mahanti, A.: Traffic Classification Using Clustering Algorithms. In: MineNet 2006 Proceedings of the 2006 SIGCOMM Workshop on Mining Network Data (2006)Google Scholar
  3. 3.
    Guan, Y., Ghorbani, A.A., Belacel, N.: Y-MEANS: A Clustering Method for Intrusion Detection. In: Canadian Conference on Electrical and Computer Engineering CCECE, vol. 2, pp. 1083–1086 (2003)Google Scholar
  4. 4.
    Patcha, A., Park, J.-M.: An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technological Trends. Computer Networks (2007)Google Scholar
  5. 5.
    Smaha, S.E., Haystack.: An Intrusion Detection System. In: Proceedings of the IEEE Fourth Aerospace Computer Security Applications Conference, Orlando, FL, pp. 37–44 (1988)Google Scholar
  6. 6.
    Anderson, D., Frivold, T., Tamaru, A., Valdes, A.: Next Generation Intrusion Detection Expert System (NIDES). Software Users Manual, Beta-Update release, Computer Science Laboratory, SRI International, Menlo Park, CA, USA, Technical Report SRI-CSL-95-0 (May 1994)Google Scholar
  7. 7.
    Staniford, S., Hoagland, J.A., McAlerney, J.M.: Practical Automated Detection of Stealthy Portscans. Journal of Computer Security 10, 105–136 (2002)CrossRefGoogle Scholar
  8. 8.
    Ye, N., Emran, S.M., Chen, Q., Vilbert, S.: Multivariate Statistical Analysis of Audit Trails For Host-Based Intrusion Detection. IEEE Transactions on Computers 51, 810–820 (2002)CrossRefGoogle Scholar
  9. 9.
    Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P.-N., Kumar, V., Srivastava, J., Dokas, P.: The MINDS - Minnesota Intrusion Detection System. In: Next Generation Data Mining. MIT Press, Boston (2004)Google Scholar
  10. 10.
    Barbara´, D., Couto, J., Jajodia, S., Wu, N.: ADAM: a Testbed for Exploring the Use of Data Mining in Intrusion Detection. ACM SIGMOD Record: SPECIAL ISSUE: Special Section on Data Mining for Intrusion Detection and Threat Analysis 30, 15–24 (2001)Google Scholar
  11. 11.
    Dickerson, J.E., Dickerson, J.A.: Fuzzy Network Profiling for Intrusion Detection. In: Proceedings of the 19th International Conference of the North American Fuzzy Information Processing Society (NAFIPS), Atlanta, GA, pp. 301–306 (2000)Google Scholar
  12. 12.
    Mahoney, M.V., Chan, P.K.: PHAD Packet Header Anomaly Detection for Identifying Hostile Network Traffic. Department of Computer Sciences, Florida Institute of Technology, Melbourne, FL, USA, Technical Report CS- 2001-4 (April 2001)Google Scholar
  13. 13.
    Mahoney, M.V., Chan, P.K.: Learning Non Stationary Models of Normal Network Traffic for Detecting Novel Attacks. In: Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Edmonton, Canada, pp. 376–385 (2002)Google Scholar
  14. 14.
    Valdes, A., Skinner, K.: Adaptive Model-Based Monitoring for Cyber Attack Detection. In: Recent Advances in Intrusion Detection Toulouse, France, pp. 80–92 (2000)Google Scholar
  15. 15.
    Liu, Y., Li, Y., Man, H.: A Hybrid Data Mining Anomaly Detection Technique in Ad Hoc Networks. Int. J. Wireless and Mobile Computing 2(1) (2007)Google Scholar
  16. 16.
    Lee, W., Stolfo, S.J.: Data Mining Approaches for Intrusion Detection. In: Proceedings of the 7th USENIX Security Symposium (SECURITY 1998), Berkeley, CA, USA, pp. 79–94 (1998)Google Scholar
  17. 17.
    Ramadas, M., Tjaden, S.O.B.: Detecting Anomalous Network Traffic with Self-Organizing Maps. In: Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, pp. 36–54 (2003)Google Scholar
  18. 18.
    Hoang, X.D., Hu, J., Bertok, P.: A Multi-layer Model for Anomaly Intrusion Detection Using Program Sequences of System Calls. In: The 11th IEEE International Conference on Networks, ICON 2003, pp. 531–536 (2003)Google Scholar
  19. 19.
    Bouras, C., Gkamas, A., Kioumourtzis, G.: Adaptive Smooth Multicast Protocol for Multimedia Data Transmission. In: 2008 International Symposium on Performance Evaluation of Computer and Telecommunication Systems – SPECTS 2008, Edinburgh, UK, pp. 16–18 (June 2008)Google Scholar
  20. 20.
    Padhye, et al.: A model based TCP - friendly rate control protocol. In: Proc. International Workshop on Network (1999)Google Scholar
  21. 21.
    Legout, A., Biersack, E.W.: PLM: Fast Convergence for Cumulative Layered Multicast Transmission. In: Proceedings of ACM SIGMETRICS 2000, pp. 13–22 (2000)Google Scholar
  22. 22.
    Borgelt, C., Kruse, R.: Induction of association rules: Apriori implementation. In: Proceedings of the 15th Symposium on Computational Statistics, p. 395. Physica Verlag, Berlin (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Sheneela Naz
    • 1
  • Sohail Asghar
    • 1
  • Simon Fong
    • 2
  • Amir Qayyum
    • 3
  1. 1.Center of Research in Data Engineering (CORDE)Mohammad Ali Jinnah UniversityIslamabadPakistan
  2. 2.Department of Computer and Information ScienceUniversity of MacauMacau SAR
  3. 3.Center of Research in Networks & Telecommunication (CoReNeT)Mohammad Ali Jinnah UniversityIslamabadPakistan

Personalised recommendations