Anomaly detection using firefly harmonic clustering algorithm

The performance of communication networks can be affected by a number of factors including misconfigu-ration, equipments outages, attacks originated from legitimate behavior or not, software errors, among many other causes. These factors may cause an unexpected change in the traffic behavior, creating what we call anomalies that may represent a loss of performance or breach of network security. Knowing the behavior pattern of the network is essential to detect and characterize an anomaly. Therefore, this paper presents an algorithm based on the use of Digital Signature of Network Segment (DSNS), used to model the traffic behavior pattern. We propose a clustering algorithm, K-Harmonic means (KHM), combined with a new heuristic approach, Firefly Algorithm (FA), for network volume anomaly detection. The KHM calculate a weighting function of each point to calculate new centroids and circumventing the initialization problem present in most center based clustering algorithm and exploits the search capability of FA from escaping local optima. Processing the DSNS data and real traffic adata is possible to detect and point intervals considered anomalous with a trade-off between the 90% true-positive rate and 30% false-positive rate.