Graph–Based anomaly detection using fuzzy clustering

Abstract

Network anomaly detection has become an important area with the increasing number of security threats of the network systems. Distributed Denial of Service (DDoS) attack is a significant threat causing serious results in network services. In this paper, a DDoS attack detection algorithm based on different graph features such as indegree, outdegree, betweenness, and eigenvector centrality is proposed. These features measure the importance of nodes such as source and destination IP addresses. They give information about the structure of the network. By using these features, the normal and attack behaviors of the network are modeled. Also, by using a fuzzy clustering algorithm with these features, suspicious and reliable IP addresses are detected in an efficient way. This algorithm is tested on the real data collected from Boğaziçi University network.