A multi-objective clustering approach for the detection of abnormal behaviors in mobile networks

The visualization of mobile network data can be of significant value to the network security administrator for detecting anomalies in normal traffic that are caused by malicious attacks. Although several visualization types for network structure and traffic already exist, the literature on visualizing behavioral aspects of users or network components, in order to distinguish the normal from the abnormal ones, is limited. In this paper, a behavior-based approach for visualizing the users of the network, with respect to specific aspects of their behavior, is proposed. The approach introduces the extraction of behavior-related descriptors from the raw network traffic data, which can be used to visualize behavioral similarities, so that users with similar behavior are depicted as points close to each other. Multiple descriptors are extracted for each user and are used as the multiple modalities in a state-of-the-art multi-objective visualization method. The outcome of the multi-objective method is a visualization of the behavioral similarities of users, according to the selection of a trade-off among the multiple descriptors. This allows the analyst to visually detect anomalies and analyze their evolution in time. Experimental evaluation of the proposed approach with several datasets in various application scenarios verifies its efficiency.
