Improved identification of network anomalies through optimal CURE clustering
In this paper, we propose an advanced network anomaly behavior identification framework to overcome the constraints inherent in conventional rule- or signature-based approaches, which often struggle with emerging and previously unknown threats. Central to our framework is an Enhanced CURE (Cluster U...
| Published in: | Engineering Research Express Volume 6; Issue 4; pp. 45217 - 45231 |
|---|---|
| Main authors: | , , |
| Format: | Journal Article |
| Language: | English |
| Published: | IOP Publishing 01.12.2024 |
| Subjects: | |
| ISSN: | 2631-8695, 2631-8695 |
| Online access: | Get full text |
| Abstract | In this paper, we propose an advanced network anomaly behavior identification framework to overcome the constraints inherent in conventional rule- or signature-based approaches, which often struggle with emerging and previously unknown threats. Central to our framework is an Enhanced CURE (Cluster Updating and REfining) clustering algorithm, meticulously tailored and refined to incorporate a density-based methodology. This enhancement enables the algorithm to discern subtle shifts in network anomaly patterns with heightened precision. The implementation workflow commences with the application of the optimized CURE algorithm to analyze network data, followed by the deployment of a sophisticated anomaly degree ranking mechanism. This mechanism, through meticulous calculation of individual data points’ anomaly degrees and subsequent ranking, effectively isolates those deviating significantly from standard behavioral norms, incorporating a strategic threshold to filter out false positives. To validate our methodology’s efficacy and its superiority over existing techniques, experiments were conducted utilizing a substantial real-world network dataset. These tests affirm not only a marked increase in the accuracy of abnormal behavior recognition and a reduction in computational intricacy but also demonstrate the adaptability across diverse network ecosystems. Our approach has proven successful in pinpointing a wide array of network anomalies, encompassing malicious cyberattacks, fraudulent activities, unauthorized intrusions, and breaches of security protocols, thereby highlighting its comprehensive capability in bolstering network defense strategies. 
Despite the notable advancements and successful identification of various network anomalies, our framework currently lacks integration with real-time learning capabilities, limiting its immediate responsiveness to rapidly evolving attack patterns and necessitating ongoing research for dynamic updates and adaptive learning mechanisms. |
|---|---|
| Author | Quan, Lili Wu, Xiaoqian Chen, Cheng |
| Author_xml | – sequence: 1 givenname: Xiaoqian orcidid: 0009-0002-6714-3252 surname: Wu fullname: Wu, Xiaoqian organization: Anhui Medical College School of Public Health and Health Management, Hefei, 230032, Anhui, People’s Republic of China – sequence: 2 givenname: Cheng surname: Chen fullname: Chen, Cheng organization: Anhui Medical College School of Public Health and Health Management, Hefei, 230032, Anhui, People’s Republic of China – sequence: 3 givenname: Lili surname: Quan fullname: Quan, Lili organization: Anhui Medical College School of Public Health and Health Management, Hefei, 230032, Anhui, People’s Republic of China |
| CODEN | ERENBL |
| ContentType | Journal Article |
| Copyright | 2024 IOP Publishing Ltd. All rights, including for text and data mining, AI training, and similar technologies, are reserved. |
| DBID | AAYXX CITATION |
| DOI | 10.1088/2631-8695/ad871e |
| DatabaseName | CrossRef |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2631-8695 |
| ExternalDocumentID | 10_1088_2631_8695_ad871e erxad871e |
| GrantInformation_xml | – fundername: 2020 Natural Science Research Project of Anhui Educational Committee: Design and implementation of a smart campus visualization platform based on Data Mining. grantid: KJ2019A1109 |
| GroupedDBID | AAYXX ABJNI ALMA_UNASSIGNED_HOLDINGS CITATION |
| IEDL.DBID | O3W |
| ISICitedReferencesCount | 0 |
| ISSN | 2631-8695 |
| IngestDate | Sat Nov 29 03:50:56 EST 2025 Wed Nov 06 05:19:57 EST 2024 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 4 |
| Language | English |
| License | This article is available under the terms of the IOP-Standard License. |
| LinkModel | DirectLink |
| Notes | ERX-104590.R1 |
| ORCID | 0009-0002-6714-3252 |
| PageCount | 15 |
| ParticipantIDs | iop_journals_10_1088_2631_8695_ad871e crossref_primary_10_1088_2631_8695_ad871e |
| PublicationCentury | 2000 |
| PublicationDate | 2024-12-01 |
| PublicationDateYYYYMMDD | 2024-12-01 |
| PublicationDate_xml | – month: 12 year: 2024 text: 2024-12-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationTitle | Engineering Research Express |
| PublicationTitleAbbrev | ERX |
| PublicationTitleAlternate | Eng. Res. Express |
| PublicationYear | 2024 |
| Publisher | IOP Publishing |
| Publisher_xml | – name: IOP Publishing |
| Score | 2.2754564 |
| SourceID | crossref iop |
| SourceType | Index Database Publisher |
| StartPage | 45217 |
| SubjectTerms | anomaly identification clustering algorithm network anomalous behavior |
| Title | Improved identification of network anomalies through optimal CURE clustering |
| URI | https://iopscience.iop.org/article/10.1088/2631-8695/ad871e |
| Volume | 6 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVIOP databaseName: Institute of Physics Open Access Journal Titles customDbUrl: eissn: 2631-8695 dateEnd: 99991231 omitProxy: false ssIdentifier: ssib037096498 issn: 2631-8695 databaseCode: O3W dateStart: 20190711 isFulltext: true titleUrlDefault: http://iopscience.iop.org/ providerName: IOP Publishing |
| linkProvider | IOP Publishing |