Title :
Visualization of flow data based on clustering technique for identifying network anomalies
Author :
Singh, Mrigendra Pratap ; Subramanian, Nachiappan ; Rajamenakshi
Author_Institution :
Comput. Network & Internet Eng., Center For Dev. Of Adv. Comput., Bangalore, India
Abstract :
In this paper we present an approach for visualizing net flow data through clustering to identify anomalies in network traffic. Various clustering techniques are applicable to intrusion detection for identifying anomalous events. We present an approach based on Simple K-Means for analyzing network flow data using any flow data attribute, such as IP address, port, protocol, etc., to detect anomalies. Our approach is unique and efficient due to the preprocessing and filtering techniques devised. The outcome of our approach is threefold: first, its capability to detect anomalous network events; second, an overview of the given data set based on key network parameters; and third, visualization of interesting security events in a very intuitive way. We present our analysis and results, in which we demonstrate the visualization capabilities of our approach for detecting anomalous events.
Keywords :
computer network security; data flow analysis; pattern clustering; telecommunication traffic; clustering technique; flow data attribute; flow data visualization; intrusion detection; key network parameters; network anomaly; network flow data; network traffic; simple k-means; Application software; Computer networks; Data mining; Data security; Data visualization; Event detection; IP networks; Information security; Intrusion detection; Monitoring; Clustering; DS; DataMining; Netflow; Visualization;
Conference_Title :
Industrial Electronics & Applications, 2009. ISIEA 2009. IEEE Symposium on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4244-4681-0
Electronic_ISBN :
978-1-4244-4683-4
DOI :
10.1109/ISIEA.2009.5356304