A multi-objective clustering approach for the detection of abnormal behaviors in mobile networks

The visualization of mobile network data can be of significant value to the network security administrator in order to detect anomalies in the normal traffic, caused by malicious attacks. Although several visualization types of the network structure and traffic already exist, the literature around visualizing behavioral aspects of users or network components, in order to distinguish the normal from the abnormal ones, is limited. In this paper, a behavior-based approach for visualizing the users of the network, with respect to specific aspects of their behavior, is proposed. The approach introduces the extraction of behavior-related descriptors from the raw network traffic data, which can be used to visualize behavioral similarities, so that users with similar behavior are depicted as points close to each other. Multiple descriptors are extracted from each user and are used as the multiple modalities in a state-of-the-art multi-objective visualization method. The outcome of the multi-objective method is a visualization of the behavioral similarities of users, according to the selection of a trade-off among the multiple descriptors. This allows the analyst to visually detect anomalies and analyze their evolution in time. Experimental evaluation of the proposed approach with several datasets in various application scenarios verify its efficiency.