Statistical and density-based clustering techniques in the context of anomaly detection in network systems: A comparative analysis
- Authors: Baklashov A.S. (1, 2), Kulyabov D.S. (1, 3)
- Affiliations:
  1. RUDN University
  2. V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
  3. Joint Institute for Nuclear Research
- Issue: Vol 33, No 1 (2025)
- Pages: 27-45
- Section: Computer Science
- URL: https://journals.rcsi.science/2658-4670/article/view/315392
- DOI: https://doi.org/10.22363/2658-4670-2025-33-1-27-45
- EDN: https://elibrary.ru/AFZDUC
- ID: 315392
Abstract
In the modern world, the volume of data stored electronically and transmitted over networks continues to grow rapidly. This trend increases the demand for effective methods to protect information transmitted as network traffic. Anomaly detection plays a crucial role in ensuring network security and safeguarding data against cyberattacks. This study aims to review statistical and density-based clustering methods used for anomaly detection in network systems and to perform a comparative analysis based on a specific task. To achieve this goal, the authors analyzed existing approaches to anomaly detection using clustering methods. Various algorithms and clustering techniques applied within network environments were examined in this study. The comparative analysis highlights the high effectiveness of clustering methods in detecting anomalies in network traffic. These findings support the recommendation to integrate such methods into intrusion detection systems to enhance information security levels. The study identified common features, differences, strengths, and limitations of the different methods. The results offer practical insights for improving intrusion detection systems and strengthening data protection in network infrastructures.
About the authors
Aleksandr S. Baklashov
RUDN University; V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
Email: 1132239133@pfur.ru
ORCID iD: 0009-0000-9046-3225
ResearcherId: KLZ-4503-2024
Master’s degree student, Department of Probability Theory and Cybersecurity of RUDN University; Mathematician, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
6 Miklukho-Maklaya St, Moscow, 117198, Russian Federation; 65 Profsoyuznaya St, Moscow 117997, Russian Federation
Dmitry S. Kulyabov
RUDN University; Joint Institute for Nuclear Research
Author for correspondence.
Email: kulyabov_ds@pfur.ru
ORCID iD: 0000-0002-0877-7063
Scopus Author ID: 35194130800
ResearcherId: I-3183-2013
Professor, Doctor of Sciences in Physics and Mathematics, Professor of Department of Probability Theory and Cyber Security of RUDN University; Senior Researcher of Laboratory of Information Technologies, Joint Institute for Nuclear Research
6 Miklukho-Maklaya St, Moscow, 117198, Russian Federation; 6 Joliot-Curie St, Dubna, 141980, Russian Federation
