Unsupervised Anomaly Detection for Network Flow Using Immune Network Based K-means Clustering

摘要

To detect effectively unknown anomalous attack behaviors of network traffic,an Unsupervised Anomaly Detection approach for network flow using Immune Network based K-means clustering(UADINK)is proposed.In UADINK,artificial immune network based K-means clustering algorithm(aiNet_KMC)is introduced to cluster network flow,i.e.extracting abstract internal images from network flows and obtaining an optimizing parameter K of K-means by aiNet model,and network flows are clustered by K-means algorithm.The cluster labeling algorithm(clusLA)and the network flow anomaly detection algorithm(NFAD)are introduced to detect anomalous attack behaviors of network flows,where the clusLA algorithm is used for labeling whether each cluster belongs to malicious,and the labeled clusters are regarded as detectors to identify anomaly network flows by NFAD.To evaluate the effectiveness of UADINK,the ISCX 2012 IDS dataset is considered as the simulating experimental dataset.Compared with the NDM based K-means anomaly detection approach,the results show that UADINK is a radical anomaly detection approach in order to detect anomalies of network flows.