Network Log Clustering Using K-Means Algorithm

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 150)


Network attacks are a serious issue in today’s network environment. The different network security alert system analyse network log files to detect these attacks. Clustering is useful for wide variety of real time applications dealing with large amount of data. Clustering divides the raw data into clusters. These clusters contain data points which have similarity between themselves and dissimilarity with other cluster data points. If these clusters are given to these security alert systems, they will take less time in analysis as the data will be grouped according to the criteria the security system needs. This can be done by using k means clustering algorithm. In this first number of clusters are selected and then centroids are initialized. Then data points are assigned to the cluster with nearest centroid and mean of the centroid is calculated. This step is repeated till no data points are left. The objective is to cluster the network data log so as to make it easier for different security alert systems to analyse the data and detect network attacks.


Data clustering K means algorithm Centroid Data points Network attacks Network traffic log 


  1. 1.
    Das D, Sharma U, Bhattachacharyya DK (2008) An intrusion detection mechanism based on feature based data clustering. In: ICET 2008 4th international conference on emerging technologyGoogle Scholar
  2. 2.
    Casas P, Mazel J, Owezarski P (2011) Steps towards autonomous network security: unsupervised detection of network attacks. In: 4th IFIP international conference on new technologies, mobility and security (NTMS)Google Scholar
  3. 3.
    Lima MF, Zarpelao BB, Sampaio LDH, Rodrigues JJPC, Abrao T, Proenca ML (2010) Anomaly detection using baseline and K-means clustering. In: International conference on software telecommunications and computer networks (SoftCOM)Google Scholar
  4. 4.
    Zhong S, Khoshgoftaar TM, Nath SV (2005) A clustering approach to wireless network intrusion detection. In: ICTAI 05, 17th IEEE international conference on tools with artificial intelligenceGoogle Scholar
  5. 5.
    Qu Z, Wang X (2009) Study of rough set and clustering algorithm in network security management. In: NSWCTC ‘09, international conference on networks security, wireless communications and trusted computingGoogle Scholar
  6. 6.
    Zhao YW, Chi C-H, Ding C (2011) Analysis of data clustering support for service. In: IEEE 2nd international conference on software engineering and service science (ICSESS)Google Scholar
  7. 7.
    Elgohary A, Ismail MA (2011) Efficient data clustering over peer to peer network. In: 11th international conference on intelligent systems design and application (ISDA)Google Scholar
  8. 8.
    Yazdani D, Golyari S, Meybodi MR (2010) A new hybrid approach for data clustering. In: 5th international symposium on telecommunications (IST)Google Scholar
  9. 9.
    Singh RV, Bhatia MPS (2011) Data clustering with modified K-means algorithm. In: International conference on recent trends in information technology (ICRTIT)Google Scholar
  10. 10.
    Weng F, Jiang Q, Liang S, Wu N (2007) An intrusion detection system based on clustering ensemble. In: IEEE international workshop on 16–18 April 2007Google Scholar
  11. 11.
    Xu R, Wunsch D II (2005) Survey of clustering algorithms. IEEE Trans Neural Netw 16(3):648–666Google Scholar
  12. 12.
    Han J, Kamber M (2006) Data mining concepts and techniques, 2nd edn. Morgan Kaufmann Publishers, San FranciscoGoogle Scholar
  13. 13.
    Jain AK, Murty MN, Flynn PJ (1999) Data clustering: a review. ACM Comput Surv 31(3):278–282Google Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.Department of Computer EngineeringSinhgad Institute of TechnologyLonavalaIndia

Personalised recommendations