Modified K-means algorithm using timestamp initialization in sliding window to detect anomaly traffic

Traffic anomalies that occur on the network usually make authorized users cannot access properly. That because by an increased number of users at a time or due to the attack of botnet to the network. This research purpose a method to detect there is anomaly traffic or not. This research used K-Means algorithm as the detection algorithm that modified on determination of the centroid and the cluster initialization, where the cluster initialization was used Timestamp Initialization as applied which in the determination of the centroid and the cluster based on the incoming data point. Expected modified K-Means using Timestamp Initialization can eliminate the determination of K-cluster that affect detection rate and false positive rate when using different K-cluster. This research also used windowing technique to obtain a better efficient process to detect anomaly traffic.