Networking Anomaly Detection Using DSNs and Particle Swarm Optimization with Re-Clustering

This paper presents an anomaly detection method using Digital Signature of Network Segment (DSNS) and Particle Swarm Optimization-based clustering (PSO-Cls). The PSO algorithm is an evolutionary computation technique whose main characteristics include low computational complexity, ability to escape from local optima, and small number of input parameters dependence, when compared to other evolutionary algorithms, e.g. genetic algorithms (GA). In the PSO-Cls algorithm, swarm intelligence is combined with K-means clustering, in order to achieve high convergence rates. On the other hand, DSNS consists of normal network traffic behavior profiles, generated by the application of Baseline for Automatic Backbone Management (BLGBA) model in SNMP historical network data set. The proposed approach identifies and classifies data clusters from DSNS and real traffic, using swarm intelligence. Anomalous behaviors can be easily identified by comparing real traffic and cluster centroids. Tests were performed in the network of State University of Londrina and the obtained detection and false alarm rates are promising.