Abnormal Network Traffic Detection has attracted much attention lately, as the widespread network worms and attacks are becoming greater threats to computer network security. The goal of this project is to develop a network traffic anomaly detection scheme using data mining techniques. In particular, we have developed a technique to optimize a distance-based anomaly detection algorithm while maintaining a good balance between speed and accuracy.

We have taken the nearest neighbor approach to find outliers that are distant from their neighbors. A key contribution of our approach is that the number of comparisons are reduced significantly by the introduction of a simple pruning rule, and reduced further by combining fixed-width clustering with the existing algorithm. Additional improvements have also been made by settings on input cluster size limit and on initial cut off value.

Yan Zhang, Dr Chris Leckie