Abstract
This paper proposed a Mahalanobis distance based Incremental Possibilistic Clustering (IPC) algorithm to detect abnormal flow. Firstly, the attributes of network flow is extracted by damped incremental statistics. Then the model of normal traffic will be generated by IPC algorithm. To extract the model of high-dimensional data without pre-known number of cluster centers, the algorithm gradually choose outliers as new clustering centers and merges the overlapping clustering centers. Finally, the data that doesn’t belong to any normal model is regarded as abnormal data. By using the Mahalanobis distance instead of the traditional Euclidean distance, the defect that the possibilistic clustering tends to find the features of hypersphere is solved. The experiments show that this method can distinguish normal flow and abnormal flow effectively and reaches the detection rate of 98%.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
