In this paper, we concentrate on the network security log mining problem and propose a novel fuzzy clustering algorithm to solve it. The architecture of a network security log mining system is discussed first; it comprises three main modules: data pre-processing, pattern mining and pattern analysis. The main task of network security log mining is to find frequent attack sequences in log files. Several network-security properties are considered in this paper, namely the start time of an attack, the attack type, the end time of the attack, the attacker's source IP, the route path of the attack, the attacker's target IP, the port number, the network protocol, and so on. To overcome the problems of traditional methods, we propose a modified fuzzy clustering algorithm that introduces the concept of interval weights: attribute weights are represented as interval-constrained variables. The final clustering results are then obtained by minimizing an objective function while collaboratively optimizing the attribute weights. To verify the effectiveness of the proposed algorithm, we conduct experiments on a collection of network access log files from a real environment. The experimental results demonstrate that the proposed algorithm achieves high-quality clustering results with high time efficiency.
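As an added illustration (not the paper's code: the abstract does not give its objective function, so the attribute-weighted fuzzy c-means objective, the numeric encoding of log attributes and the sample records below are assumptions), the following shows why interval-constrained attribute weights matter. With unconstrained weights the weighting step puts all mass on the least-dispersed attribute, which for a near-constant column such as the target port makes every distance vanish and the clustering collapse; a lower bound on each weight prevents that.

```python
import numpy as np

# Constructed sample of 8 attack records, each attribute scaled to [0,1]:
# [start hour/24, duration/60 min, target port/65535, protocol (0=TCP, 1=UDP)].
# Invented for illustration; the port column is deliberately constant.
LOGS = np.array([
    [0.10, 0.05, 0.0012, 0.0], [0.12, 0.04, 0.0012, 0.0], [0.11, 0.06, 0.0012, 0.0],
    [0.85, 0.70, 0.0012, 0.0], [0.88, 0.65, 0.0012, 0.0], [0.83, 0.72, 0.0012, 0.0],
    [0.50, 0.40, 0.0012, 1.0], [0.52, 0.42, 0.0012, 1.0],
])

def interval_weights(disp, lo, hi):
    """Minimise sum_j w_j*disp_j subject to lo_j <= w_j <= hi_j and sum_j w_j = 1.
    Every weight starts at its lower bound; the remaining mass goes to the
    least-dispersed attributes first, each capped at its upper bound."""
    w = np.array(lo, dtype=float)
    left = 1.0 - w.sum()                        # mass still to distribute
    for j in np.argsort(disp):                  # cheapest attributes first
        add = min(hi[j] - w[j], left)
        w[j] += add
        left -= add
    return w

def weighted_fcm(X, k, lo, hi, m=2.0, iters=200, seed=0):
    """Fuzzy c-means in which the attribute weights are re-optimised each sweep
    (assumed objective: sum_i sum_k u_ik^m * sum_j w_j (x_ij - c_kj)^2)."""
    n, d = X.shape
    rng = np.random.default_rng(seed)
    U = rng.random((n, k)); U /= U.sum(axis=1, keepdims=True)
    for _ in range(iters):
        Um = U ** m
        C = (Um.T @ X) / Um.sum(axis=0)[:, None]           # cluster centres, k x d
        sq = (X[:, None, :] - C[None, :, :]) ** 2          # squared deviations, n x k x d
        disp = (Um[:, :, None] * sq).sum(axis=(0, 1))      # dispersion per attribute
        w = interval_weights(disp, lo, hi)
        D = (sq * w).sum(axis=2) + 1e-12                   # weighted squared distances, n x k
        U = 1.0 / ((D[:, :, None] / D[:, None, :]) ** (1.0 / (m - 1))).sum(axis=2)
    return U, C, w

def cluster_logs(lo=(0.1, 0.1, 0.1, 0.1), hi=(0.6, 0.6, 0.6, 0.6)):
    """Returns hard labels, the learned attribute weights and the membership matrix."""
    U, _, w = weighted_fcm(LOGS, k=3, lo=np.array(lo), hi=np.array(hi))
    return U.argmax(axis=1).tolist(), w, U

if __name__ == "__main__":
    labels, w, _ = cluster_logs()
    print("labels:", labels, "weights:", np.round(w, 3))
    _, w0, U0 = cluster_logs(lo=(0, 0, 0, 0), hi=(1, 1, 1, 1))
    print("unconstrained weights:", w0, "memberships all", np.round(U0[0], 3))
```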
Wang, Peng; Ma, Xikun; and Yu, Jingjie, "An Effective Network Security Log Mining Algorithm based on Fuzzy Clustering," Applied Mathematics & Information Sciences: Vol. 10, Iss. 1, Article 32.
Available at: https://digitalcommons.aaru.edu.jo/amis/vol10/iss1/32