Detecting anomalous network traffic with combined fuzzy-based approaches


Abstract

This paper introduces combined fuzzy-based approaches for detecting anomalous network traffic, such as DoS/DDoS or probing attacks. The approaches comprise Adaptive Neuro-Fuzzy Inference System (ANFIS) and Fuzzy C-Means (FCM) clustering. The basic idea of the algorithm is as follows: first, ANFIS transforms the original multi-dimensional (M-D) feature space of network connections into a compact one-dimensional (1-D) feature space; second, FCM clustering classifies the 1-D feature space into anomalous and normal. PCA is also used for dimensionality reduction of the original feature space during feature extraction. The algorithm combines the high accuracy of supervised learning with the high speed of unsupervised learning. The publicly available DARPA/KDD99 dataset is used to demonstrate the approaches, and the results show their accuracy in detecting anomalies in network connections. © Springer-Verlag Berlin Heidelberg 2005.


He, H. T., Luo, X. N., & Liu, B. L. (2005). Detecting anomalous network traffic with combined fuzzy-based approaches. In Lecture Notes in Computer Science (Vol. 3645, pp. 433–442). Springer Verlag. https://doi.org/10.1007/11538356_45
