
Unsupervised Anomaly Detection for Network Flow Using Immune Network Based K-means Clustering

  • Conference paper
Data Science (ICPCSEE 2017)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 727))

Abstract

To effectively detect unknown anomalous attack behaviors in network traffic, an Unsupervised Anomaly Detection approach for network flow using Immune Network based K-means clustering (UADINK) is proposed. In UADINK, an artificial immune network based K-means clustering algorithm (aiNet_KMC) is introduced to cluster network flows: the aiNet model extracts abstract internal images from the network flows and yields an optimized parameter K for K-means, and the network flows are then clustered by the K-means algorithm. A cluster labeling algorithm (clusLA) and a network flow anomaly detection algorithm (NFAD) are introduced to detect anomalous attack behaviors in network flows: clusLA labels whether each cluster is malicious, and the labeled clusters are then used as detectors by NFAD to identify anomalous network flows. To evaluate the effectiveness of UADINK, the ISCX 2012 IDS dataset is used as the experimental dataset. Compared with the NDM based K-means anomaly detection approach, the results show that UADINK is a radical anomaly detection approach for detecting anomalies in network flows.
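As an added illustration (not code from the paper, whose implementation is not on this page), the following Python sketches the cluster, label, detect pipeline the abstract describes, on constructed flow records: min-max scaled flow features are clustered with K-means, each cluster is labeled by a size rule, and a new flow inherits the label of its nearest centroid. Two things are assumptions of this example: K is passed in rather than derived from the aiNet model, and the labeling rule (a cluster holding less than a set fraction of all flows is treated as malicious) is the common size-based rule from clustering-based intrusion detection, not the paper's clusLA algorithm. All function and class names are the example's own.

```python
"""Clustering-based anomaly detection for network flows.

Added illustration for this page; it is NOT the authors' UADINK code. The aiNet
step the paper uses to derive K is not implemented (K is a parameter here), and
clusters are labelled with a size-based rule (assumption: small clusters are
malicious), not the paper's clusLA algorithm.
"""
import math
import random
from typing import Dict, List, Tuple

Vector = List[float]


def flow_features(packets: int, total_bytes: int, duration_s: float) -> Vector:
    """Feature vector for one flow: packet count, mean bytes per packet, duration."""
    return [float(packets), total_bytes / packets, duration_s]


def make_constructed_flows(seed: int = 7) -> List[Vector]:
    """Constructed training set (synthetic, not taken from ISCX 2012):
    30 bulk-transfer-like flows and 5 flood-like flows (many tiny packets, short-lived)."""
    rng = random.Random(seed)
    flows: List[Vector] = []
    for _ in range(30):
        packets = rng.randint(10, 40)
        flows.append(flow_features(packets, round(packets * rng.uniform(800, 1000)),
                                   rng.uniform(3.0, 4.0)))
    for _ in range(5):
        packets = rng.randint(400, 600)
        flows.append(flow_features(packets, round(packets * rng.uniform(40, 60)),
                                   rng.uniform(0.1, 0.3)))
    return flows


class MinMaxScaler:
    """Per-feature min-max scaling fitted on the training flows. K-means is
    distance based, so unscaled byte counts would otherwise dominate durations."""

    def __init__(self, data: List[Vector]) -> None:
        dims = range(len(data[0]))
        self.lo = [min(v[d] for v in data) for d in dims]
        self.hi = [max(v[d] for v in data) for d in dims]

    def transform(self, v: Vector) -> Vector:
        return [(x - lo) / (hi - lo) if hi > lo else 0.0
                for x, lo, hi in zip(v, self.lo, self.hi)]


def euclid(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nearest(p: Vector, centroids: List[Vector]) -> int:
    """Index of the centroid closest to p."""
    return min(range(len(centroids)), key=lambda j: euclid(p, centroids[j]))


def kmeans(points: List[Vector], k: int, max_iter: int = 100) -> Tuple[List[Vector], List[int]]:
    """Lloyd's K-means with deterministic farthest-first seeding (each new seed is the
    point farthest from the seeds chosen so far), so the run is reproducible."""
    centroids = [list(points[0])]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(euclid(p, c) for c in centroids))
        centroids.append(list(far))
    labels: List[int] = []
    for _ in range(max_iter):
        new_labels = [nearest(p, centroids) for p in points]
        if new_labels == labels:          # assignments stable: converged
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:                   # empty cluster keeps its old centroid
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return centroids, labels


def label_clusters(labels: List[int], k: int, normal_fraction: float = 0.2) -> Dict[int, str]:
    """Size-based labelling (assumption, not the paper's clusLA): a cluster holding at
    least `normal_fraction` of all flows is 'normal'; smaller clusters are 'malicious'."""
    n = len(labels)
    return {j: "normal" if labels.count(j) / n >= normal_fraction else "malicious"
            for j in range(k)}


class FlowAnomalyDetector:
    """Labelled clusters act as detectors: a new flow gets the label of its nearest centroid."""

    def __init__(self, training_flows: List[Vector], k: int, normal_fraction: float = 0.2) -> None:
        self.scaler = MinMaxScaler(training_flows)
        scaled = [self.scaler.transform(f) for f in training_flows]
        self.centroids, labels = kmeans(scaled, k)
        self.cluster_sizes = [labels.count(j) for j in range(k)]
        self.cluster_labels = label_clusters(labels, k, normal_fraction)

    def classify(self, flow: Vector) -> Tuple[int, str]:
        j = nearest(self.scaler.transform(flow), self.centroids)
        return j, self.cluster_labels[j]


def demo() -> Tuple[str, str]:
    """Train on the constructed flows and classify two constructed unseen flows."""
    det = FlowAnomalyDetector(make_constructed_flows(), k=2)
    flood = flow_features(520, 31200, 0.3)   # constructed flood-like flow (60 B/packet)
    bulk = flow_features(25, 20000, 3.0)     # constructed bulk-transfer flow (800 B/packet)
    return det.classify(flood)[1], det.classify(bulk)[1]


if __name__ == "__main__":
    det = FlowAnomalyDetector(make_constructed_flows(), k=2)
    print("cluster sizes:", det.cluster_sizes, "labels:", det.cluster_labels)
    print("flood-like flow ->", demo()[0], "| bulk flow ->", demo()[1])
```

Two caveats a practitioner should keep in mind with this scheme: the size rule assumes attacks are rare, so a large attack cluster (a volumetric flood in a capture that is mostly attack traffic) would be labeled normal unless the threshold is tuned or a second criterion is used, and a flow that is far from every centroid still inherits a label, so a distance cutoff is a common addition for genuinely novel traffic. The choice of K matters for both: the paper derives it from the aiNet model, which this example replaces with a fixed parameter.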



Acknowledgements

This work was funded by the National Natural Science Foundation of China under Grant No. 61462025, the China Postdoctoral Science Foundation under Grant No. 2014M562102, Hunan Provincial Natural Science Foundation of China under Grant No. 2015JJ2112, and the Scientific Research Fund of Hunan Provincial Education Department of China under Grant No. 12B099.

Corresponding author

Correspondence to Yuanquan Shi.


Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Shi, Y., Peng, X., Li, R., Zhang, Y. (2017). Unsupervised Anomaly Detection for Network Flow Using Immune Network Based K-means Clustering. In: Zou, B., Li, M., Wang, H., Song, X., Xie, W., Lu, Z. (eds) Data Science. ICPCSEE 2017. Communications in Computer and Information Science, vol 727. Springer, Singapore. https://doi.org/10.1007/978-981-10-6385-5_33


  • DOI: https://doi.org/10.1007/978-981-10-6385-5_33


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-6384-8

  • Online ISBN: 978-981-10-6385-5

  • eBook Packages: Computer Science (R0)
