I have two clusters, one for normal traffics and another for anomaly traffics. I got both clusters using K-means clustering. I want to compare both clusters with patterns of normal data to reduce false alarms.Which technique is better in this case, using similarity and dissimilarity measures or pattern matching algorithms? I use NSL-KDD dataset. Is there any other useful way in this case? Exact comparison will not give result since we have different types of protocols and services.
Thank you.
Dear D. Y. Mahmood,
I suggest APMM, a new similarity metric for the clustering problems, which is introduced by Alizadeh et al. (2011, 2014).
Best Regards.
http://webpages.iust.ac.ir/halizadeh/Hosein_files/pdfs/2014,%20IDA,%20Cluster%20Ensemble%20Selection%20Based%20on%20a%20New%20Cluster%20Stability%20Measure,%20Preprint.pdf
It really will depend on what you have to work with in terms of ancillary data (velocity, slope, terrain type, etc...), as well as the amount of time you can devote to the problem. Similarity metrics are usually (but not always) quicker than pattern matching algorithms, particularly in high-dimensional spaces (i.e. you clustered based on a whole slew of parameters). Density, spread, etc.. are all fairly quick to calculate, as they do not require temporal windows (one frame is enough), which makes them suitable for interactive work, but also far less precise and interesting.
For more precise work, which will then need to be done asynchronously to the display, then you can get into pattern analysis. Behaviours such as aggregation, divergence, convoying, or predator-prey relations can fairly readily be detected, but require a fair amount of processing. It will depend on your intended use as to whether that's a good tradeoff.
Another option would be Normalized Mutual Information (NMI), a statistical type measure to compare the similarity of the distribution of the frequency of items in respective clusters.
hello deeman , we all know the objective of pattern recognition is generalization.so, i think in this satution it is better to use one of the supervised machine learning techniques ( GMM,HMM,NN and so on) instead of clustering solution. also, your optimal solution depends on your feature vector input.
- Badges
- Science topic
- Similar topics
- Computer Science
- Data Mining