The anomaly detection by using DBSCAN clustering with multiple parameters

Tran Manh Thang; Juntae Kim

doi:10.1109/ICISA.2011.5772437

The anomaly detection by using DBSCAN clustering with multiple parameters

Tran Manh Thang, Juntae Kim

Department of Computer Science and Artificial Intelligence

Dongguk University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

69 Scopus citations

Abstract

DBSCAN is one of powerful density-based clustering algorithms for detecting outliers, but there are some difficulties in finding its parameters (epsilon and minpts). Currently, there is also no way to use DBSCAN with different parameters for different cluster when it is applied to anomaly detection when network traffic includes multiple traffic types with different characteristics. In this paper, we propose a new way of finding DBSCAN's parameters and applying DBSCAN with those parameters. Each cluster may have different epsilon and minpts values in our algorithm. The algorithm is called DBSCAN-MP. We also propose a mechanism of updating normal behavior by updating size or creating new clusters when network environment is changing overtime. We evaluate proposed algorithm using the KDD Cup 1999 dataset. The result shows that the performance is improved compare to other clustering algorithms.

Original language	English
Title of host publication	2011 International Conference on Information Science and Applications, ICISA 2011
DOIs	https://doi.org/10.1109/ICISA.2011.5772437
State	Published - 2011
Event	2011 International Conference on Information Science and Applications, ICISA 2011 - Jeju Island, Korea, Republic of Duration: 26 Apr 2011 → 29 Apr 2011

Publication series

Name	2011 International Conference on Information Science and Applications, ICISA 2011

Conference

Conference	2011 International Conference on Information Science and Applications, ICISA 2011
Country/Territory	Korea, Republic of
City	Jeju Island
Period	26/04/11 → 29/04/11

Access to Document

10.1109/ICISA.2011.5772437

Cite this

@inproceedings{e4613830cfcb4269a7266fd7f1936c6e,

title = "The anomaly detection by using DBSCAN clustering with multiple parameters",

abstract = "DBSCAN is one of powerful density-based clustering algorithms for detecting outliers, but there are some difficulties in finding its parameters (epsilon and minpts). Currently, there is also no way to use DBSCAN with different parameters for different cluster when it is applied to anomaly detection when network traffic includes multiple traffic types with different characteristics. In this paper, we propose a new way of finding DBSCAN's parameters and applying DBSCAN with those parameters. Each cluster may have different epsilon and minpts values in our algorithm. The algorithm is called DBSCAN-MP. We also propose a mechanism of updating normal behavior by updating size or creating new clusters when network environment is changing overtime. We evaluate proposed algorithm using the KDD Cup 1999 dataset. The result shows that the performance is improved compare to other clustering algorithms.",

author = "Thang, {Tran Manh} and Juntae Kim",

year = "2011",

doi = "10.1109/ICISA.2011.5772437",

language = "English",

isbn = "9781424492244",

series = "2011 International Conference on Information Science and Applications, ICISA 2011",

booktitle = "2011 International Conference on Information Science and Applications, ICISA 2011",

note = "2011 International Conference on Information Science and Applications, ICISA 2011 ; Conference date: 26-04-2011 Through 29-04-2011",

}

Thang, TM & Kim, J 2011, The anomaly detection by using DBSCAN clustering with multiple parameters. in 2011 International Conference on Information Science and Applications, ICISA 2011., 5772437, 2011 International Conference on Information Science and Applications, ICISA 2011, 2011 International Conference on Information Science and Applications, ICISA 2011, Jeju Island, Korea, Republic of, 26/04/11. https://doi.org/10.1109/ICISA.2011.5772437

The anomaly detection by using DBSCAN clustering with multiple parameters. / Thang, Tran Manh; Kim, Juntae.
2011 International Conference on Information Science and Applications, ICISA 2011. 2011. 5772437 (2011 International Conference on Information Science and Applications, ICISA 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - The anomaly detection by using DBSCAN clustering with multiple parameters

AU - Thang, Tran Manh

AU - Kim, Juntae

PY - 2011

Y1 - 2011

N2 - DBSCAN is one of powerful density-based clustering algorithms for detecting outliers, but there are some difficulties in finding its parameters (epsilon and minpts). Currently, there is also no way to use DBSCAN with different parameters for different cluster when it is applied to anomaly detection when network traffic includes multiple traffic types with different characteristics. In this paper, we propose a new way of finding DBSCAN's parameters and applying DBSCAN with those parameters. Each cluster may have different epsilon and minpts values in our algorithm. The algorithm is called DBSCAN-MP. We also propose a mechanism of updating normal behavior by updating size or creating new clusters when network environment is changing overtime. We evaluate proposed algorithm using the KDD Cup 1999 dataset. The result shows that the performance is improved compare to other clustering algorithms.

AB - DBSCAN is one of powerful density-based clustering algorithms for detecting outliers, but there are some difficulties in finding its parameters (epsilon and minpts). Currently, there is also no way to use DBSCAN with different parameters for different cluster when it is applied to anomaly detection when network traffic includes multiple traffic types with different characteristics. In this paper, we propose a new way of finding DBSCAN's parameters and applying DBSCAN with those parameters. Each cluster may have different epsilon and minpts values in our algorithm. The algorithm is called DBSCAN-MP. We also propose a mechanism of updating normal behavior by updating size or creating new clusters when network environment is changing overtime. We evaluate proposed algorithm using the KDD Cup 1999 dataset. The result shows that the performance is improved compare to other clustering algorithms.

UR - http://www.scopus.com/inward/record.url?scp=79960255491&partnerID=8YFLogxK

U2 - 10.1109/ICISA.2011.5772437

DO - 10.1109/ICISA.2011.5772437

M3 - Conference contribution

AN - SCOPUS:79960255491

SN - 9781424492244

T3 - 2011 International Conference on Information Science and Applications, ICISA 2011

BT - 2011 International Conference on Information Science and Applications, ICISA 2011

T2 - 2011 International Conference on Information Science and Applications, ICISA 2011

Y2 - 26 April 2011 through 29 April 2011

ER -

The anomaly detection by using DBSCAN clustering with multiple parameters

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this