Jinfei Liu,Li Xiong,Jun Luo,Joshua Zhexue Huang

DOI: https://doi.org/10.1145/2320765.2320819

2013-01-01

Abstract:DBSCAN is a well-known density-based clustering algorithm which offers advantages for finding clusters of arbitrary shapes compared to partitioning and hierarchical clustering methods. However, there are few papers studying the DBSCAN algorithm under the privacy preserving distributed data mining model, in which the data is distributed between two or more parties, and the parties cooperate to obtain the clustering results without revealing the data at the individual parties. In this paper, we address the problem of two-party privacy preserving DBSCAN clustering. We first propose two protocols for privacy preserving DBSCAN clustering over horizontally and vertically partitioned data respectively and then extend them to arbitrarily partitioned data. We also provide performance analysis and privacy proof of our solution.

Jinkun Geng,Daren Ye,Ping Luo

DOI: https://doi.org/10.1109/iaeac.2015.7428564

2015-01-01

Abstract:Data mining techniques are playing an important role in the analysis of mass network information and big data nowadays. The cluster analysis, as a main kind of method in data mining, draws great interest from researchers of various fields who proposed many algorithms such as k-means algorithm and its variants, density-based algorithm and its variants. However, these algorithms all have their own problems. This paper focuses on some of the problems and proposes a novel algorithm DBCAPSIC. The algorithm overcomes the k-means algorithm's sensitivity to initial conditions and avoids common density-based algorithms' "clustering failure" in some cases. Also, the algorithm has the linear time complexity of O(n), compared to the quadratic time complexity of common density-based clustering algorithms.

Gerard Shu Fuhnwi,Janet O. Agbaje,Kayode Oshinubi,Olumuyiwa James Peter

DOI: https://doi.org/10.46481/jnsps.2023.1364

2023-04-19

Journal of the Nigerian Society of Physical Sciences

Abstract:In data mining, and statistics, anomaly detection is the process of finding data patterns (outcomes, values, or observations) that deviate from the rest of the other observations or outcomes. Anomaly detection is heavily used in solving real-world problems in many application domains, like medicine, finance , cybersecurity, banking, networking, transportation, and military surveillance for enemy activities, but not limited to only these fields. In this paper, we present an empirical study on unsupervised anomaly detection techniques such as Density-Based Spatial Clustering of Applications with Noise (DBSCAN), (DBSCAN++) (with uniform initialization, k-center initialization, uniform with approximate neighbor initialization, and $k$-center with approximate neighbor initialization), and $k$-means$--$ algorithms on six benchmark imbalanced data sets. Findings from our in-depth empirical study show that k-means-- is more robust than DBSCAN, and DBSCAN++, in terms of the different evaluation measures (F1-score, False alarm rate, Adjusted rand index, and Jaccard coefficient), and running time. We also observe that DBSCAN performs very well on data sets with fewer number of data points. Moreover, the results indicate that the choice of clustering algorithm can significantly impact the performance of anomaly detection and that the performance of different algorithms varies depending on the characteristics of the data. Overall, this study provides insights into the strengths and limitations of different clustering algorithms for anomaly detection and can help guide the selection of appropriate algorithms for specific applications.

Bo Zhou,David W. Cheung,Ben Kao

DOI: https://doi.org/10.1007/3-540-48912-6_45

1999-01-01

Abstract:Clustering in large database is an important and useful data mining activity. It expects to find out meaningful patterns among the data set. Some new requirements of clustering have been raised : good efficiency for large database; easy to determine the input parameters; separate noise from the clusters [1]. However, conventional clustering algorithms seldom can fulfill all these requirements. The notion of density-based clustering has been proposed which satisfies all these requirements

Yating Liu,Yuantao Gu

DOI: https://doi.org/10.1109/dsw.2018.8439923

2018-01-01

Abstract:Network anomaly detection refers to automatically identifying the flows associated with anomalous events, which is the first line of defense against attacks in network security system. This paper proposes a new reliable unsupervised detector Multiple Sketches and Clustering (MSC) combining sketches (random projections) and clustering to blindly identify anomalies without relying on signatures or labeled traffic data. Multiple random projections and voting strategy alleviate the potential misclassification of single analysis and ensure a lower false positive rate. The K-means++ clustering detection detects both known and unknown anomalies accurately and triggers a higher true positive rate without any prior information about traffic data or anomaly patterns. The results on the MAWILAB backbone network dataset reveal that the novel detector outperforms the state-of-the-art detectors.

Yue Shi-hong,Li Ping,Guo Ji-dong,Zhou Shui-geng

DOI: https://doi.org/10.1007/bf02842480

2005-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Clustering, as a powerful data mining technique for discovering interesting data distributions and patterns in the underlying database, is used in many fields, such as statistical data analysis, pattern recognition, image processing, and other business applications. Density-based Spatial Clustering of Applications with Noise (DBSCAN) (Esteret al., 1996) is a good performance clustering method for dealing with spatial data although it leaves many problems to be solved. For example, DBSCAN requires a necessary user-specified threshold while its computation is extremely time-consuming by current method such as OPTICS, etc. (Ankerstet al., 1999), and the performance of DBSCAN under different norms has yet to be examined. In this paper, we first developed a method based on statistical information of distance space in database to determine the necessary threshold. Then our examination of the DBSCAN performance under different norms showed that there was determinable relation between them. Finally, we used two artificial databases to verify the effectiveness and efficiency of the proposed methods.

Yuan, Xiaoning,Yu, Hang,Liang, Jun,Xu, Bing

DOI: https://doi.org/10.1007/s13042-021-01369-7

2021-01-01

International Journal of Machine Learning and Cybernetics

Abstract:Recently the density peaks clustering algorithm (DPC) has received a lot of attention from researchers. The DPC algorithm is able to find cluster centers and complete clustering tasks quickly. It is also suitable for different kinds of clustering tasks. However, deciding the cutoff distance $${d}_{c}$$ largely depends on human experience which greatly affects clustering results. In addition, the selection of cluster centers requires manual participation which affects the efficiency of the algorithm. In order to solve these problems, we propose a density peaks clustering algorithm based on K nearest neighbors with adaptive merging strategy (KNN-ADPC). A clusters merging strategy is proposed to automatically aggregate over-segmented clusters. Additionally, the K nearest neighbors are adopted to divide data points more reasonably. There is only one parameter in KNN-ADPC algorithm, and the clustering task can be conducted automatically without human involvement. The experiment results on artificial and real-world datasets prove higher accuracy of KNN-ADPC compared with DBSCAN, K-means++, DPC, and DPC-KNN.

Guo Pu,Lijuan Wang,Jun Shen,Fang Dong

DOI: https://doi.org/10.26599/tst.2019.9010051

2021-04-01

Abstract:In recent years, machine learning-based cyber intrusion detection methods have gained increasing popularity. The number and complexity of new attacks continue to rise; therefore, effective and intelligent solutions are necessary. Unsupervised machine learning techniques are particularly appealing to intrusion detection systems since they can detect known and unknown types of attacks as well as zero-day attacks. In the current paper, we present an unsupervised anomaly detection method, which combines Sub-Space Clustering (SSC) and One Class Support Vector Machine (OCSVM) to detect attacks without any prior knowledge. The proposed approach is evaluated using the well-known NSL-KDD dataset. The experimental results demonstrate that our method performs better than some of the existing techniques.

computer science, information systems,engineering, electrical & electronic, software engineering

Hossein Saeedi Emadi,Sayyed Majid Mazinani

DOI: https://doi.org/10.1007/s11277-017-4961-1

IF: 2.017

2017-09-11

Wireless Personal Communications

Abstract:Anomaly is an important and influential element in Wireless Sensor Networks that affects the integrity of data. On account of the fact that these networks cannot be supervised, this paper, therefore, deals with the problem of anomaly detection. First, the three features of temperature, humidity, and voltage are extracted from the network traffic. Then, network data are clustered using the density-based spatial clustering of applications with noise (DBSCAN) algorithm. It also analyzes the accuracy of DBSCAN algorithm input data with the help of density-based detection techniques. This algorithm detects the points in regions with low density as anomaly. By using normal data, it trains support vector machine. And, finally, it removes anomalies from network data. The proposed algorithm is evaluated by the standard and general data set of Intel Berkeley Research lab (IRLB). In this paper, we could obliterate DBSCAN’s problem in selecting input parameters by benefiting from coefficient correlation. The advantage of the proposed algorithm over previous ones is in using soft computing methods, simple implementation, and improving detection accuracy through simultaneous analysis of those three features.

telecommunications

Jinbo Li,Hesam Izakian,Witold Pedrycz,Iqbal Jamal

DOI: https://doi.org/10.1016/j.asoc.2020.106919

IF: 8.7

2021-03-01

Applied Soft Computing

Abstract:Multivariate time series data come as a collection of time series describing different aspects of a certain temporal phenomenon. Anomaly detection in this type of data constitutes a challenging problem yet with numerous applications in science and engineering because anomaly scores come from the simultaneous consideration of the temporal and variable relationships. In this paper, we propose a clustering-based approach to detect anomalies concerning the amplitude and the shape of multivariate time series. First, we use a sliding window to generate a set of multivariate subsequences and thereafter apply an extended fuzzy clustering to reveal a structure present within the generated multivariate subsequences. Finally, a reconstruction criterion is employed to reconstruct the multivariate subsequences with the optimal cluster centers and the partition matrix. We construct a confidence index to quantify a level of anomaly detected in the series and apply Particle Swarm Optimization as an optimization vehicle for the problem of anomaly detection. Experimental studies completed on several synthetic and six real-world datasets suggest that the proposed methods can detect the anomalies in multivariate time series. With the help of available clusters revealed by the extended fuzzy clustering, the proposed framework can detect anomalies in the multivariate time series and is suitable for identifying anomalous amplitude and shape patterns in various application domains such as health care, weather data analysis, finance, and disease outbreak detection.

computer science, artificial intelligence, interdisciplinary applications

HH Tong,CR Li,JR He,QA Tran,HX Duan,X Li

DOI: https://doi.org/10.1109/icmlc.2005.1527494

2005-01-01

Abstract:As a crucial issue in computer network security, anomaly detection is receiving more and more attention from both application and theoretical point of view. In this paper, by introducing boosting technique, a novel anomaly detection scheme is proposed. On the whole, the proposed scheme is based on Ada-Boost and can be viewed as an extension of Ada-Boost in terms of both probability density estimation (PDE) and confidence area estimation (CAE). Different kinds of base learners are adopted and investigated in the proposed scheme. Systematic experimental results on DARPA 1999 dataset validate the effectiveness of the proposed scheme.

Weiwu Ren,Jianfei Zhang,Xiaoqiang Di,Yinan Lu,Bochen Zhang,Jianping Zhao,,

DOI: https://doi.org/10.20965/jaciii.2020.p0453

2020-07-20

Journal of Advanced Computational Intelligence and Intelligent Informatics

Abstract:Clustering by fast search and find of density peak (CFSFDP) is a simple and crisp density-clustering algorithm. The original algorithm is not suitable for direct application to anomaly detection. Its clustering results have a high level of redundant density information. If used directly as behavior profiles, the computation and storage costs of anomaly detection are high. Therefore, an improved algorithm based on CFSFDP is proposed for anomaly detection. The improved algorithm uses a few data points and their radius to support behavior profiles, and deletes the redundant data points without supporting profiles. This method not only reduces the large amount of data storage and distance calculation in the process of generating profiles, but also reduces the search space of profiles in the detection process. Numerous experiments show that the improved algorithm generates profiles faster than density-based spatial clustering of application with noise (DBSCAN), and has better profile precision than adaptive real-time anomaly detection with incremental clustering (ADWICE). The improved algorithm inherits the arbitrary shape clusters of CFSFDP, and improves the storage and computation performance. Compared with DBSCAN and ADWICE, the improved anomaly-detection algorithm based on CFSFDP has more balanced detection precision and real-time performance.

Rafath Samrin,Devara Vasumathi

DOI: https://doi.org/10.1515/jisys-2016-0105

2018-03-28

Journal of Intelligent Systems

Abstract:Abstract Despite the rapid developments in data technology, intruders are among the most revealed threats to security. Network intrusion detection systems are now a typical constituent of network security structures. In this paper, we present a combined weighted K-means clustering algorithm with artificial neural network (WKMC+ANN)-based intrusion identification scheme. This paper comprises two modules: clustering and intrusion detection. The input dataset is gathered into clusters with the usage of WKMC in clustering module. In the intrusion detection module, the clustered information is trained with the utilization of ANN and its structure is stored. In the testing process, the data are tested by choosing the most suitable ANN classifier, which corresponds to the closest cluster to the test data, according to distance or similarity measures. For experimental evaluation, we used the benchmark database, and the results clearly demonstrated that the proposed technique outperformed the existing technique by having better accuracy.

N. Pandeeswari,Ganesh Kumar

DOI: https://doi.org/10.1007/s11036-015-0644-x

2015-08-16

Mobile Networks and Applications

Abstract:Cloud computing affords lot of resources and computing facilities through Internet. Cloud systems attract many users with its desirable features. In spite of them, Cloud systems may experience severe security issues. Thus, it is essential to create an Intrusion Detection System (IDS) to detect both insider and outsider attacks with high detection accuracy in cloud environment. This work proposes an anomaly detection system at the hypervisor layer named Hypervisor Detector that uses a hybrid algorithm which is a mixture of Fuzzy C-Means clustering algorithm and Artificial Neural Network (FCM-ANN) to improve the accuracy of the detection system. The proposed system is implemented and compared with Naïve Bayes classifier and Classic ANN algorithm. The DARPA’s KDD cup dataset 1999 is used for experiments. Based on extensive theoretical and performance analysis, it is evident that the proposed system is able to detect the anomalies with high detection accuracy and low false alarm rate even for low frequent attacks thereby outperforming Naïve Bayes classifier and Classic ANN.

computer science, information systems,telecommunications, hardware & architecture

Weigang Liu

DOI: https://doi.org/10.1155/2022/4927504

2022-06-10

Wireless Communications and Mobile Computing

Abstract:Attacks on network systems are becoming more and more common, the current state of increasingly sophisticated attack methods, the emergence of intrusion prevention technology is the inevitable result of the development of computer technology and network technology, and research on intrusion prevention has become a new focus of network security technology research in recent years. In order to ensure the security of computer network confidential information, the authors propose a semisupervised clustering intrusion detection algorithm. An overview of machine learning, followed by an explanation of the theory of cluster analysis, simulation experiments were carried out using the K -means algorithm and the semisupervised clustering algorithm proposed by the author, for 10,000 records, the K -means clustering algorithm and the semisupervised clustering algorithm described in this paper are used, respectively, and intrusion detection data tests were performed. At the same time, different K values were selected, three datasets were selected from "kddcup.newtestdata_10_percent_corrected," the test data were tested separately, and their average value was taken as the test result. From the simulation results, the detection rate of the semisupervised clustering algorithm is higher than that of the K -means clustering algorithm, and the false alarm rate and K -means algorithms have also been improved. Therefore, the author's semisupervised algorithm enhances the stability of the system, and the performance of the K -means algorithm is improved to a certain extent. When the value of K gradually increases, the false alarm rate also increases; however, when K is 20, the detection rate is maximized, from this, it can be known that when K is 20, its detection rate reaches 91.76%, and the false alarm rate is 8.54%. The detection rate of the author's algorithm is significantly higher than the other two algorithms, the false positive rate is slightly higher than K -means, and the false positive rate is lower than that of the other algorithm, proving the superior performance of our algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hao Li,Xiaojie Liu,Tao Li,Rundong Gan

DOI: https://doi.org/10.1016/j.patcog.2020.107206

IF: 8

2020-06-01

Pattern Recognition

Abstract:Density-based clustering has several desirable properties, such as the abilities to handle and identify noise samples, discover clusters of arbitrary shapes, and automatically discover of the number of clusters. Identifying the core samples within the dense regions of a dataset is a significant step of the density-based clustering algorithm. Unlike many other algorithms that estimate the density of each samples using different kinds of density estimators and then choose core samples based on a threshold, in this paper, we present a novel approach for identifying local high-density samples utilizing the inherent properties of the nearest neighbor graph (NNG). After using the density estimator to filter noise samples, the proposed algorithm ADBSCAN in which "A" stands for "Adaptive" performs a DBSCAN-like clustering process. The experimental results on artificial and real-world datasets have demonstrated the significant performance improvement over existing density-based clustering algorithms.

computer science, artificial intelligence,engineering, electrical & electronic

SHI ZHONG,TAGHI M. KHOSHGOFTAAR,NAEEM SELIYA

DOI: https://doi.org/10.1142/s0218539307002568

2007-04-01

International Journal of Reliability, Quality and Safety Engineering

Abstract:Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.

Yishan Guo,Mandan Liu

DOI: https://doi.org/10.3233/ida-216185

IF: 1.7

2023-02-01

Intelligent Data Analysis

Abstract:With the development of wireless communication technology, when users use wireless networks to meet various needs, wireless networks also record a large number of users' spatial-temporal trajectory data. In order to better pay attention to the healthy development of students and promote the information construction on campus, a spectral clustering algorithm based on the multi-scale threshold and density combined with shared nearest neighbors (MSTDSNN-SC) is proposed. Firstly, it improves the affinity distance function based on the shortest time dis-tance-shortest time distance sub-sequence (STD-STDSS) by adding location popularity and uses this model to construct the initial adjacency matrix. Then it introduces the covariance scale threshold and spatial scale threshold to perform 0–1 processing on the adjacency matrix to obtain more accurate sample similarity. Next, it constructs an eigenvector space by eigenvalue decom-position of the adjacency matrix. Finally, it uses DBSCAN clustering algorithm with shared nearest neighbors to avoid to manually determine the number of clusters. Taking Internet usage data on campus as an example, multiple clustering algorithms are used for anomaly detection and four evaluation metrics are applied to estimate the clustering results. MSTDSNN-SC algorithm reflects better clustering performance. Furthermore, the abnormal trajectories list is verified to be effective and credible.

Nidhi S Bhavsar,Khushbu Yadav,Darshanaben Dipakkumar Pandya

DOI: https://doi.org/10.32628/ijsrst52310667

2024-01-10

International Journal of Scientific Research in Science and Technology

Abstract:This study looks into the possibilities and related challenges of using artificial intelligence (AI) to identify cancer. AI technologies have become attractive tools in oncology because of the growing complexity of medical data and the need for precise and timely cancer diagnosis. In reviewing the state of AI applications for cancer detection today, the paper focuses on biomarker analysis, medical imaging, and biomarker analysis. Additionally continuing conversation on how to use technology to improve cancer diagnostics' efficiency and accuracy while maintaining ethical norms and patient safety.

English Else

Qiyuan Hu,Yang Gao

DOI: https://doi.org/10.1109/ISSSR53171.2021.00010

2021-01-01

Abstract:Clustering by fast search and find of density peaks (DPC) is a highly innovative clustering method published on Science in June 2014. The DPC algorithm assumes that the cluster center of each class is far away from each other and has a higher local density. However, this method has certain disadvantages: it needs to find the clustering centers of the data set, whereas finding the clustering center...