Network Traffic Anomaly Detection Using Adaptive Density-Based Fuzzy Clustering

Fuzzy C-means (FCM) clustering has been used to distinguish communication network traffic outliers based on the uncommon statistical characteristics of network traffic data. The raditional FCM does not leverage spatial information in its analysis, which leads to inaccuracies in certain instances. To address this challenge, this paper proposes an adaptive fuzzy clustering technique based on existing possibilistic clustering algorithms. The proposed technique simultaneously considers distance, density, and the trend of density change of data instances in the membership degree calculation. Specifically the membership degree is quickly updated when the distance or density is beyond the pre-defined threshold, or density change does not match the data distribution. In contrast, the traditional FCM updates its membership degree only based on the distance between data points and the cluster centroid. The proposed approach enables the clustering to reflect the inherent diversity nature of communication network traffic. Further, an adaptive threshold is introduced to speed up the iterative clustering process. The proposed algorithm has been evaluated via experiments using traffic from a real network. The results indicate that the adaptive fuzzy clustering reduces false negatives while improves true positive results.