Statistical and density-based clustering techniques in the context of anomaly detection in network systems: A comparative analysis

Abstract

In the modern world, the volume of data stored electronically and transmitted over networks continues to grow rapidly. This trend increases the demand for effective methods to protect information transmitted over networks as network traffic. Anomaly detection plays a crucial role in ensuring network security and safeguarding data against cyberattacks. This study aims to review statistical and density-based clustering methods used for anomaly detection in network systems and to perform a comparative analysis based on a specific task. To achieve this goal, the authors analyzed existing approaches to anomaly detection using clustering methods and examined various algorithms and clustering techniques applied within network environments. The comparative analysis highlights the high effectiveness of clustering methods in detecting anomalies in network traffic. These findings support the recommendation to integrate such methods into intrusion detection systems to enhance information security levels. The study identified common features, differences, strengths, and limitations of the different methods. The results offer practical insights for improving intrusion detection systems and strengthening data protection in network infrastructures.

About the authors

Aleksandr S. Baklashov

RUDN University; V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences

Email: 1132239133@pfur.ru
ORCID iD: 0009-0000-9046-3225
ResearcherId: KLZ-4503-2024

Master’s degree student, Department of Probability Theory and Cybersecurity of RUDN University; Mathematician, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences

6 Miklukho-Maklaya St, Moscow, 117198, Russian Federation; 65 Profsoyuznaya St, Moscow 117997, Russian Federation

Dmitry S. Kulyabov

RUDN University; Joint Institute for Nuclear Research

Author for correspondence.
Email: kulyabov_ds@pfur.ru
ORCID iD: 0000-0002-0877-7063
Scopus Author ID: 35194130800
ResearcherId: I-3183-2013

Professor, Doctor of Sciences in Physics and Mathematics, Professor of Department of Probability Theory and Cyber Security of RUDN University; Senior Researcher of Laboratory of Information Technologies, Joint Institute for Nuclear Research

6 Miklukho-Maklaya St, Moscow, 117198, Russian Federation; 6 Joliot-Curie St, Dubna, 141980, Russian Federation
