Anomaly detection model based on data stream clustering

Abstract

Intrusion detection provides important protection for network security and anomaly detection as a type of intrusion detection, which can recognize the pattern of normal behaviors and label the behaviors which departure from normal pattern as anomaly behaviors. The updating of network equipment and broadband speed makes the data mining object change from static data sets to dynamic data streams. We think that the traditional methods based on data set do not satisfy the needs of dynamic network environment. The network data stream is temporal and cannot be treated as static data set. The concept and distribution of data objects is variety in different time stamps and the changing is unpredictable. Therefore, we propose an improved data stream clustering algorithm and design the anomaly detection model according to the improved algorithm. The established model can be modified with the changing of data stream and detect anomaly behaviors in time.