CFP last date
20 January 2025
Reseach Article

Data Clustering for Anomaly Detection in Content-Centric Networks

by Amin Karami
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 81 - Number 7
Year of Publication: 2013
Authors: Amin Karami
10.5120/14021-2180

Amin Karami . Data Clustering for Anomaly Detection in Content-Centric Networks. International Journal of Computer Applications. 81, 7 ( November 2013), 1-8. DOI=10.5120/14021-2180

@article{ 10.5120/14021-2180,
author = { Amin Karami },
title = { Data Clustering for Anomaly Detection in Content-Centric Networks },
journal = { International Journal of Computer Applications },
issue_date = { November 2013 },
volume = { 81 },
number = { 7 },
month = { November },
year = { 2013 },
issn = { 0975-8887 },
pages = { 1-8 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume81/number7/14021-2180/ },
doi = { 10.5120/14021-2180 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:55:25.769315+05:30
%A Amin Karami
%T Data Clustering for Anomaly Detection in Content-Centric Networks
%J International Journal of Computer Applications
%@ 0975-8887
%V 81
%N 7
%P 1-8
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Content-Centric Networks (CCNs) have recently emerged as an innovative trend to overcome many inherent security problems in the IP-based (host-based) networks by securing the content itself rather than the channel through which it travels. In this network architecture new kinds of attacks -ranging from DoS to privacy attacks- will appear. Therefore, it is becoming necessary to design a flexible and powerful mechanism to be able to detect them in an intelligent manner the first time they are employed. In this paper, a novel anomaly detection system has been proposed to detect known and previously unknown types of attacks using an efficient unsupervised learning engine that utilizes clustering with the optimal number of clusters, high detection rate, and low false positive rate in the same time over the CCN traffics flows. This paper compares the performance of five different clustering algorithms in the proposed anomaly detection system including K-means and Farthest First as Partitioning clustering, Cobweb as Hierarchical clustering, DBSCAN as Density-based clustering and Self Organizing Map (SOM) as Model-based clustering. Results show that DBSCAN method is the most efficient one for this purpose since it outperforms the other ones in terms of high detection rate and low false positive rate in the same time.

References
  1. S. B. Aher and L. M. R. J. Lobo. A comparative study for selecting the best unsupervised learning algorithm in elearning system. International Journal of Computer Applications, 41(3), 2012.
  2. B. Ahlgren, Ch. Dannewitz, C. Imbrenda, D. Kutscher, and B. Ohlman. A Survey of Information-Centric Networking (Draft). In Information-Centric Networking, number 10492 in Dagstuhl Seminar Proceedings, Dagstuhl, Germany, 2011. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany.
  3. M. H. Ardestani, A. Karami, P. Sarolahti, and J. Ott. Congestion control in content-centric networking using neural network. In Talk and Presentation in CCNxCon 2013, 5-6th September. Parc (Xerox Co. ), California, USA, 2013.
  4. T. Cali´nski and J. Harabasz. A dendrite method for cluster analysis. Communications in Statistics-theory and Methods, 3(1):1–27, 1974.
  5. G. Corral, E. Armengol, A. Fornells, and E. Golobardes. Explanations of unsupervised learning clustering applied to data security analysis. Neurocomput. , 72(13-15):2754–2762, 2009.
  6. D. L. Davies and D. W. Bouldin. A cluster separation measure. IEEE Transactions on Pattern Analysis and Machine Intelligence, PAMI-1(2):224–227, 1979.
  7. A. Detti, N. Blefari-Melazzi, S. Salsano, and M. Pomposini. Conet: a content centric inter-networking architecture. In Proceedings of the ACM SIGCOMM workshop on Informationcentric networking, ICN '11, pages 50–55, 2011.
  8. J. C. Dunn. Well separated clusters and optimal fuzzy partitions. Cybernetics, 4:95–104, 1974.
  9. J. Erman, M. Arlitt, and A. Mahanti. Traffic classification using clustering algorithms. In Proceedings of the 2006 SIGCOMM workshop on Mining network data, MineNet '06, pages 281–286, New York, NY, USA, 2006. ACM.
  10. M. Ester, H. -P. Kriegel, J. Sander, and X. Xu. A density-based algorithm for discovering clusters in large spatial databases with noise. In KDD'96, pages 226–231, 1996.
  11. Douglas H. Fisher. Knowledge acquisition via incremental conceptual clustering. Mach. Learn. , 2(2):139–172, 1987.
  12. G. Fortino, C. Mastroianni, M. Pathan, and A. Vakali. Next generation content networks: trends and challenges. In Proceedings of the 4th edition of the UPGRADE-CN workshop on Use of P2P, GRID and agents for the development of content networks, UPGRADE-CN '09, 2009.
  13. P. Gasti, G. Tsudik, E. Uzun, and L. Zhang. Dos and ddos in named-data networking. CoRR, abs/1208. 0952, 2012.
  14. V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass, N. H. Briggs, and R. L. Braynard. Networking named content. In Proceedings of the 5th international conference on Emerging networking experiments and technologies, CoNEXT '09, pages 1–12, 2009.
  15. A. Karami, R. Johansson, and M. Riveiro. Utilization and comparison of multi attribute decision making techniques to rank bayesian network options, 2011. Master thesis in University of Sk¨ovde, Sweden.
  16. T. Kohonen. Self-Organizing Maps. Springer, Berlin, Heidelberg, 1995.
  17. F. Kovacs, C. Legany, and A. Babos. Cluster validity measurement techniques. Technical report, Department of Automation and Applied Informatics, Budapest University of Technology and Economics, Budapest, Hungary, 2002.
  18. T. Lauinger. Security & scalability of content-centric networking, September 2010.
  19. R. D. Lawrence, G. S. Almasi, and H. E. Rushmeier. A scalable parallel algorithm for self-organizing maps with applications to sparse data mining problems. Data Mining and Knowledge Discovery, 3:171–195, 1999.
  20. W. Lee and Salvatore J. Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Trans. Inf. Syst. Secur. , 3(4):227–261, 2000.
  21. M. Li, G. Holmes, and B. Pfahringer. Clustering large datasets using cobweb and k-means in tandem. In Proceedings of the 17th Australian joint conference on Advances in Artificial Intelligence, AI'04, pages 368–379, Berlin, Heidelberg, 2004. Springer-Verlag.
  22. B. Liu. Web Data Mining: Exploring Hyperlinks, Contents, and Usage Data. Data-Centric Systems and Applications. Springer, 2007.
  23. O. Maimon and L. Rokach. Data mining and knowledge discovery handbook, Chapter 15 CLUSTERING METHODS, pages 321–352. The Kluwer International Series in Engineering and Computer Science. Springer, 2005.
  24. U. Maulik and S. Bandyopadhyay. Performance evaluation of some clustering algorithms and validity indices. IEEE Transactions on Pattern Analysis and Machine Intelligence, 24(12):1650–1654, 2002.
  25. K. Mumtaz and K. Duraiswamy. An analysis on density based clustering of multi dimensional spatial data. Computer Science and Engineering, 1(1):8–12, 2010.
  26. A. P. Muniyandi, R. Rajeswari, and R. Rajaram. Network anomaly detection by cascading k-means clustering and c4. 5 decision tree algorithm. Procedia Engineering, 30:174–182, 2012. International Conference on Communication Technology and System Design.
  27. G. M¨unz, S. Li, and G. Carle. Traffic anomaly detection using k-means clustering. In Proc. of performance, reliability and dependability evaluation of communication networks and distributed systems, 4 GI / ITG Workshop MMBnet. Hamburg, Germany, 2007.
  28. J. F. Nieves and Y. Jiao. Data clustering for anomaly detection in network intrusion detection. Technical report, 2009.
  29. D. T. Pham, S. S. Dimov, and C. D. Nguyen. Selection of k in k-means clustering. Proceedings of the Institution of Mechanical Engineers, Part C: Journal of Mechanical Engineering Science, 219(1):103–119, 2005.
  30. D. Wunsch R. Xu. Survey of clustering algorithms. IEEE Transactions on In Neural Networks, 16(3):645–678, 2005.
  31. D. V. Rooy and J. Bus. Trust and privacy in the future interneta research perspective. Identity in the Information Society, 3(2):397–404, 2010.
  32. F. Seredynski and P. Bouvry. Anomaly detection in tcp/ip networks using immune systems paradigm. Comput. Commun. , 30(4):740–749, 2007.
  33. P. -N. Tan, M. Steinbach, and V. Kumar. Introduction to Data Mining, (First Edition). Addison-Wesley Longman Publishing Co. , Inc. , Boston, MA, USA, 2005.
  34. K. Thompson and P. Langley. Concept formation in structured domains. In Concept formation: Knowledge and experience in unsupervised learning. Fisher, D. H. , Pazzani, M. J. , & Langley, P. (Eds. ) San Francisco. CA: Morgan Kaufmann, 1991.
  35. J. Vesanto and E. Alhoniemi. Clustering of the self-organizing map. IEEE Transactions on Neural Networks, 11(3):586–600, 2000.
  36. Q. Wang and V. Megalooikonomou. A performance evaluation framework for association mining in spatial data. Intelligent Information Systems, 35(3):465–494, 2010.
  37. I. Widjaja. Towards a flexible resource management system for content centric networking. In In Proc. of IEEE ICC'12 Next Generation Network Symposium, 2012.
  38. I. H. Witten and E. Frank. Data Mining: Practical Machine Learning Tools and Techniques, Second Edition. The Morgan Kaufmann Series in Data Management Systems. Elsevier Science, 2005.
  39. W. Wong and P. Nikander. Secure naming in informationcentric networks. In Proceedings of the Re-Architecting the Internet Workshop, ReARCH '10, pages 1–12, 2010.
  40. M. Xie, I. Widjaja, and H. Wang. Enhancing cache robustness for content-centric networking. In INFOCOM'12, pages 2426–2434, 2012.
  41. L. Zhang, D. Estrin, J. Burke, V. Jacobson, J. D. Thornton, D. K. Smetters, G. Tsudik B. Zhang, K. Claffy, D. Krioukov, D. Massey C. Papadopoulos adn T. Abdelzaher, L. Wang P. Crowley, and E. Yeh. Named data networking (ndn) project. In In Proceedings of the ACM SIGCOMM workshop on Information-centric networking, number PARC TR-2010-3, pages 68–73, 2010.
Index Terms

Computer Science
Information Sciences

Keywords

Content-centric networking Anomaly Detection Clustering Analysis