Improved identification of network anomalies through optimal CURE clustering

In this paper, we propose an advanced network anomaly behavior identification framework to overcome the constraints inherent in conventional rule- or signature-based approaches, which often struggle with emerging and previously unknown threats. Central to our framework is an Enhanced CURE (Cluster U...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Engineering Research Express Ročník 6; číslo 4; s. 45217 - 45231
Hlavní autori: Wu, Xiaoqian, Chen, Cheng, Quan, Lili
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: IOP Publishing 01.12.2024
Predmet:
anomaly identification
clustering algorithm
network anomalous behavior
ISSN:2631-8695, 2631-8695
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:In this paper, we propose an advanced network anomaly behavior identification framework to overcome the constraints inherent in conventional rule- or signature-based approaches, which often struggle with emerging and previously unknown threats. Central to our framework is an Enhanced CURE (Cluster Updating and REfining) clustering algorithm, meticulously tailored and refined to incorporate a density-based methodology. This enhancement enables the algorithm to discern subtle shifts in network anomaly patterns with heightened precision. The implementation workflow commences with the application of the optimized CURE algorithm to analyze network data, followed by the deployment of a sophisticated anomaly degree ranking mechanism. This mechanism, through meticulous calculation of individual data points’ anomaly degrees and subsequent ranking, effectively isolates those deviating significantly from standard behavioral norms, incorporating a strategic threshold to filter out false positives. To validate our methodology’s efficacy and its superiority over existing techniques, experiments were conducted utilizing a substantial real-world network dataset. These tests affirm not only a marked increase in the accuracy of abnormal behavior recognition and a reduction in computational intricacy but also demonstrate the adaptability across diverse network ecosystems. Our approach has proven successful in pinpointing a wide array of network anomalies, encompassing malicious cyberattacks, fraudulent activities, unauthorized intrusions, and breaches of security protocols, thereby highlighting its comprehensive capability in bolstering network defense strategies. Despite the notable advancements and successful identification of various network anomalies, our framework currently lacks integration with real-time learning capabilities, limiting its immediate responsiveness to rapidly evolving attack patterns and necessitating ongoing research for dynamic updates and adaptive learning mechanisms.
Bibliografia:ERX-104590.R1
ISSN:2631-8695
2631-8695
DOI:10.1088/2631-8695/ad871e