Instruction Clustering Analysis for Unknown Network Protocol's Abnormal Behavior

2015 ◽  
Vol 15 (03n04) ◽  
pp. 1540002
Author(s):  
YANJING HU ◽  
QINGQI PEI ◽  
LIAOJUN PANG
Keyword(s):  
Clustering Analysis ◽  
Clustering Algorithm ◽  
High Efficiency ◽  
Abnormal Behavior ◽  
Automatic Clustering ◽  
Reverse Analysis ◽  
Message Format ◽  
Instruction Sequences ◽  
Analysis Platform ◽  
Abnormal Behaviors

Protocol's abnormal behavior analysis is an important task in protocol reverse analysis. Traditional protocol reverse analysis focus on the protocol message format, but protocol behavior especially the abnormal behavior is rare studied. In this paper, protocol behavior is represented by the labeled behavior instruction sequences. Similar behavior instruction sequences mean the similar protocol behavior. Using our developed virtual analysis platform HiddenDisc, we can capture a variety of known or unknown protocols' behavior instruction sequences. All kinds of executed or unexecuted instruction sequences can automatic clustering by our designed instruction clustering algorithm. Thereby we can distinguish and mine the unknown protocols' potential abnormal behavior. The mined potential abnormal behavior instruction sequences are executed, monitored and analyzed on HiddenDisc to determine whether it is an abnormal behavior and what is the behavior's nature. Using the instruction clustering algorithm, we have analyzed 1297 protocol samples, mined 193 potential abnormal instruction sequences, and determined 187 malicious abnormal behaviors by regression testing. Experimental results show that our proposed instruction clustering algorithm has high efficiency and accuracy, can mine unknown protocols' abnormal behaviors effectively, and enhance the initiative defense capability of network security.

scholarly journals Mixed Pattern Matching-Based Traffic Abnormal Behavior Recognition

2014 ◽  
Vol 2014 ◽  
pp. 1-12
Author(s):  
Jian Wu ◽  
Zhiming Cui ◽  
Victor S. Sheng ◽  
Yujie Shi ◽  
Pengpeng Zhao
Keyword(s):  
Pattern Matching ◽  
Spectral Clustering ◽  
Clustering Algorithm ◽  
Distance Matrix ◽  
Abnormal Behavior ◽  
Vehicle Trajectories ◽  
Time Space ◽  
Important Approach ◽  
Mixed Pattern ◽  
Abnormal Behaviors

A motion trajectory is an intuitive representation form in time-space domain for a micromotion behavior of moving target. Trajectory analysis is an important approach to recognize abnormal behaviors of moving targets. Against the complexity of vehicle trajectories, this paper first proposed a trajectory pattern learning method based on dynamic time warping (DTW) and spectral clustering. It introduced the DTW distance to measure the distances between vehicle trajectories and determined the number of clusters automatically by a spectral clustering algorithm based on the distance matrix. Then, it clusters sample data points into different clusters. After the spatial patterns and direction patterns learned from the clusters, a recognition method for detecting vehicle abnormal behaviors based on mixed pattern matching was proposed. The experimental results show that the proposed technical scheme can recognize main types of traffic abnormal behaviors effectively and has good robustness. The real-world application verified its feasibility and the validity.

scholarly journals IKM-NCS: A Novel Clustering Scheme Based on Improved K-Means Algorithm

2020 ◽  
Vol 14 ◽  
Keyword(s):  
Clustering Algorithm ◽  
User Behavior ◽  
Abnormal Behavior ◽  
Cluster Center ◽  
Initial Sample ◽  
Initial Cluster ◽  
Weight Calculation ◽  
Data Points ◽  
Abnormal Behaviors ◽  
Better Than

Aiming at the problems of distorted center selection and slow iteration convergence in traditional clustering analysis algorithm, a novel clustering scheme based on improved k-means algorithm is proposed. In this paper, based on the analysis of all user behavior sets contained in the initial sample, a weight calculation method for abnormal behaviors and an eigenvalue extraction method for abnormal behavior set are proposed and a set of abnormal behaviors is constructed for each user according to the behavior data generated by abnormal users. Then, on the basis of the traditional k-means clustering algorithm, an improved algorithm is proposed. By calculating the compactness of all data points and selecting the initial cluster center among the data points with high and low compactness, the clustering performance is enhanced. Finally, the eigenvalues of the abnormal behavior set are used as the input of the algorithm to output the clustering results of the abnormal behavior. Experimental results show that the clustering performance of this algorithm is better than the traditional clustering algorithm, and can effectively improve the clustering performance of abnormal behavior

Segmentation of SAR Image using Fuzzy C-Means and Filters

2020 ◽  
Vol 8 (1) ◽  
pp. 84-90
Author(s):  
R. Lalchhanhima ◽  
◽  
Debdatta Kandar ◽  
R. Chawngsangpuii ◽  
Vanlalmuansangi Khenglawt ◽  
...  
Keyword(s):  
Clustering Algorithm ◽  
State Of The Art ◽  
Speckle Noise ◽  
Synthetic Aperture Radar Image ◽  
Synthetic Aperture ◽  
Sar Image ◽  
Spatial Filters ◽  
Fuzzy C Means ◽  
Automatic Clustering ◽  
Intensity Information

Fuzzy C-Means is an unsupervised clustering algorithm for the automatic clustering of data. Synthetic Aperture Radar Image Segmentation has been a challenging task because of the presence of speckle noise. Therefore the segmentation process can not directly rely on the intensity information alone but must consider several derived features in order to get satisfactory segmentation results. In this paper, it is attempted to use the fuzzy nature of classification for the purpose of unsupervised region segmentation in which FCM is employed. Different features are obtained by filtering of the image by using different spatial filters and are selected for segmentation criteria. The segmentation performance is determined by the accuracy compared with a different state of the art techniques proposed recently.

scholarly journals Partition Quantitative Assessment (PQA): A Quantitative Methodology to Assess the Embedded Noise in Clustered Omics and Systems Biology Data

2021 ◽  
Vol 11 (13) ◽  
pp. 5999
Author(s):  
Diego A. Camacho-Hernández ◽  
Victor E. Nieto-Caballero ◽  
José E. León-Burguete ◽  
Julio A. Freyre-González
Keyword(s):  
Systems Biology ◽  
Clustering Analysis ◽  
Quantitative Assessment ◽  
Clustering Algorithm ◽  
Statistical Evaluation ◽  
Quantitative Methodology ◽  
Typical Problem ◽  
Statistical Validation ◽  
Common Features ◽  
Biology Research

Identifying groups that share common features among datasets through clustering analysis is a typical problem in many fields of science, particularly in post-omics and systems biology research. In respect of this, quantifying how a measure can cluster or organize intrinsic groups is important since currently there is no statistical evaluation of how ordered is, or how much noise is embedded in the resulting clustered vector. Much of the literature focuses on how well the clustering algorithm orders the data, with several measures regarding external and internal statistical validation; but no score has been developed to quantify statistically the noise in an arranged vector posterior to a clustering algorithm, i.e., how much of the clustering is due to randomness. Here, we present a quantitative methodology, based on autocorrelation, in order to assess this problem.

A population-based automatic clustering algorithm for image segmentation

2021 ◽  
Author(s):  
Seyed Jalaleddin Mousavirad ◽  
Gerald Schaefer ◽  
Mahshid Helali Moghadam ◽  
Mehrdad Saadatmand ◽  
Mahdi Pedram
Keyword(s):  
Image Segmentation ◽  
Clustering Algorithm ◽  
Population Based ◽  
Automatic Clustering

scholarly journals A Novel Detection Framework for Detecting Abnormal Human Behavior

2020 ◽  
Vol 2020 ◽  
pp. 1-9
Author(s):  
Chengfei Wu ◽  
Zixuan Cheng
Keyword(s):  
Human Behavior ◽  
Public Safety ◽  
Space Time ◽  
Abnormal Behavior ◽  
Detection Methods ◽  
Time Block ◽  
Safety Issues ◽  
Behavior Detection ◽  
Abnormal Behavior Detection ◽  
Abnormal Behaviors

Public safety issues have always been the focus of widespread concern of people from all walks of life. With the development of video detection technology, the detection of abnormal human behavior in videos has become the key to preventing public safety issues. Particularly, in student groups, the detection of abnormal human behavior is very important. Most existing abnormal human behavior detection algorithms are aimed at outdoor activity detection, and the indoor detection effects of these algorithms are not ideal. Students spend most of their time indoors, and modern classrooms are mostly equipped with monitoring equipment. This study focuses on the detection of abnormal behaviors of indoor humans and uses a new abnormal behavior detection framework to realize the detection of abnormal behaviors of indoor personnel. First, a background modeling method based on a Gaussian mixture model is used to segment the background image of each image frame in the video. Second, block processing is performed on the image after segmenting the background to obtain the space-time block of each frame of the image, and this block is used as the basic representation of the detection object. Third, the foreground image features of each space-time block are extracted. Fourth, fuzzy C-means clustering (FCM) is used to detect outliers in the data sample. The contribution of this paper is (1) the use of an abnormal human behavior detection framework that is effective indoors. Compared with the existing abnormal human behavior detection methods, the detection framework in this paper has a little difference in terms of its outdoor detection effects. (2) Compared with other detection methods, the detection framework used in this paper has a better detection effect for abnormal human behavior indoors, and the detection performance is greatly improved. (3) The detection framework used in this paper is easy to implement and has low time complexity. Through the experimental results obtained on public and manually created data sets, it can be demonstrated that the performance of the detection framework used in this paper is similar to those of the compared methods in outdoor detection scenarios. It has a strong advantage in terms of indoor detection. In summary, the proposed detection framework has a good practical application value.

A novel method for spacecraft electrical fault detection based on FCM clustering and WPSVM classification with PCA feature extraction

2016 ◽  
Vol 231 (1) ◽  
pp. 98-108 ◽  
Author(s):  
Ke Li ◽  
Yalei Wu ◽  
Shimin Song ◽  
Yi sun ◽  
Jun Wang ◽  
...  
Keyword(s):  
Feature Extraction ◽  
Clustering Algorithm ◽  
High Efficiency ◽  
Computing Time ◽  
Principal Component ◽  
Component Analysis ◽  
Support Vector ◽  
Electrical Characteristics ◽  
Complex Signals ◽  
Fcm Clustering

The measurement of spacecraft electrical characteristics and multi-label classification issues are generally including a large amount of unlabeled test data processing, high-dimensional feature redundancy, time-consumed computation, and identification of slow rate. In this paper, a fuzzy c-means offline (FCM) clustering algorithm and the approximate weighted proximal support vector machine (WPSVM) online recognition approach have been proposed to reduce the feature size and improve the speed of classification of electrical characteristics in the spacecraft. In addition, the main component analysis for the complex signals based on the principal component feature extraction is used for the feature selection process. The data capture contribution approach by using thresholds is furthermore applied to resolve the selection problem of the principal component analysis (PCA), which effectively guarantees the validity and consistency of the data. Experimental results indicate that the proposed approach in this paper can obtain better fault diagnosis results of the spacecraft electrical characteristics’ data, improve the accuracy of identification, and shorten the computing time with high efficiency.

scholarly journals K-Nearest Neighbor Intervals Based AP Clustering Algorithm for Large Incomplete Data

2015 ◽  
Vol 2015 ◽  
pp. 1-9 ◽  
Author(s):  
Cheng Lu ◽  
Shiji Song ◽  
Cheng Wu
Keyword(s):  
Clustering Analysis ◽  
Incomplete Data ◽  
Clustering Algorithm ◽  
Nearest Neighbor ◽  
Interval Data ◽  
Similarity Function ◽  
K Nearest Neighbor ◽  
Partial Data ◽  
Missing Attributes ◽  
Ap Clustering

The Affinity Propagation (AP) algorithm is an effective algorithm for clustering analysis, but it can not be directly applicable to the case of incomplete data. In view of the prevalence of missing data and the uncertainty of missing attributes, we put forward a modified AP clustering algorithm based onK-nearest neighbor intervals (KNNI) for incomplete data. Based on an Improved Partial Data Strategy, the proposed algorithm estimates the KNNI representation of missing attributes by using the attribute distribution information of the available data. The similarity function can be changed by dealing with the interval data. Then the improved AP algorithm can be applicable to the case of incomplete data. Experiments on several UCI datasets show that the proposed algorithm achieves impressive clustering results.

Sign in / Sign up

Export Citation Format

Share Document