Anomaly Detection Using Metaheuristic Firefly Harmonic Clustering

The performance of communication networks can be affected by a number of factors including misconfiguration, equipments outages, attacks originated from legitimate behavior or not, software errors, among many other causes. These factors may cause an unexpected change in the traffic behavior and create what we call anomalies that may represent a loss of performance or breach of network security. Knowing the behavior pattern of the network is essential to detect and characterize an anomaly. Therefore, this paper presents an algorithm based on the use of Digital Signature of Network Segment (DSNS), used to model the traffic behavior pattern. We propose a clustering algorithm, K-Harmonic means (KHM), combined with a new heuristic approach, named Firefly Algorithm (FA), for network volume anomaly detection. The KHM calculate the weighting function of each point to calculate new centroids and circumventing the initialization problem present in most center based clustering algorithm and exploits the search capability of FA from escaping local optima. Processing the DSNS data and real traffic data is possible to detect and classify intervals considered anomalous with a trade-off between the 80% true-positive rate and 20% false-positive rate.