Evolving Cauchy possibilistic clustering and its application to large-scale cyberattack monitoring

This paper presents an approach to large-scale monitoring of cyberattacks using evolving Cauchy possibilistic clustering (eCauchy). Density-based clustering is appealing when the data samples are highly noisy and outliers appear frequently. The basic measure of density in recursive form can be modified so that it can be applied to classification problems such as large-scale monitoring of cyberattacks. The algorithm operates on-line to handle data streams and is therefore appropriate for big-data problems. The development of density as a measure of similarity follows from the Cauchy density and is similar to the typicality defined in the possibilistic clustering approach. The described eCauchy clustering has just a few tuning parameters, such as maximal density. The algorithm evolves its structure during operation by adding and removing clusters. This is appropriate for data granulation, which is of great importance when the clusters are of different sizes and shapes. In the proposed large-scale monitoring system, darknet sensor packets within a certain period are transformed into 17 traffic features, which are categorized by eCauchy in an on-line fashion. To evaluate the proposed darknet monitoring system, a large set of TCP and UDP packets collected from January 2nd 2016 to March 1st 2016 (60 days) with the NICT /16 darknet sensor is used. Our experimental results demonstrate that the proposed monitoring system can detect DDoS backscatter with more than 98% accuracy for TCP packets and non-DDoS backscatter with 72.8% accuracy for UDP packets. The proposed system can learn and predict quite fast: 12.6 sec. for TCP and 312.6 sec. for UDP.
