Network traffic analysis over clustering-based collective anomaly detection

Due to the ever-growing presence of network traffic, there has been a considerable amount of research on anomaly detection in network traffic by clustering. Most of them have not considered the problem that collective anomaly detection in network traffic. Collective anomaly might scatter among multiple clusters when applying the clustering-based algorithms in the anomaly detection. In this paper, we propose a progressive exploration framework for collective anomaly detection on network traffic based on a clustering method, called CCAD. CCAD enables analysts to effectively explore collective anomaly in network traffic. This framework is different from the other anomaly detection methods. It is based on the analysis of the influence of collective anomaly on the clustering results in the network traffic stream data. CCAD framework efficiently supports the collective anomaly exploration. As demonstrated by our extensive experiments with real-world data, CCAD has high detection rate in comparison with other existing methods.

Automated summary

In this paper, we propose a progressive exploration framework for collective anomaly detection on network traffic based on a clustering method called CCAD. Extensive experiments have shown its high detection rate.