You are on page 1of 2

Network Administrator Assistance System Based on FCM Analysis

Paper:

Network Administrator Assistance System
Based on Fuzzy C-means Analysis
Benhui Chen∗ , Jinglu Hu∗ , Lihua Duan∗∗ , and Yinglong Gu∗∗
∗Graduate School of Information, Production and Systems, Waseda University
2-7 Hibikino, Wakamatsu, Kitakyushu-shi, Fukuoka, 808-0135, Japan
E-mail: bhchen@fuji.waseda.jp, jinglu@waseda.jp
∗∗ Dali University Gucheng Xuefu Road of Dali City, Yunnan, 671007, China

E-mail: {dlh, gyl}@dali.edu.cn
[Received July 16, 2008; accepted January 15, 2009]

In this research we design a network administrator fic growth trends of NSFNET were published [7]. With
assistance system based on traffic measurement and the increasing scale of Internet, performance became a fo-
fuzzy c-means (FCM) clustering analysis method. Net- cal issue in traffic measurement and analysis. And many
work traffic measurement is an essential tool for moni- studies had been reported on examining network perfor-
toring and controlling communication network. It can mance issues, such as route stability, end-to-end perfor-
provide valuable information about network traffic- mance [8], and so on. In recent years, many projects and
load patterns and performances. The proposed system organizations focusing on traffic measurement and analy-
utilizes the FCM method to analyze users’ network be- sis are established, including CAIDA (Cooperative Asso-
haviors and traffic-load patterns based on traffic mea- ciation for Internet Data Analysis), MAWI (Measurement
surement data of IP network. Analysis results can be and Analysis on the WIDE Internet), NLANR (National
used as assistance for administrator to determine ef- Laboratory for Advanced Network Research), IPMA (In-
ficient controlling and configuring parameters of net- ternet Performance Measurement and Analysis), etc [9].
work management systems. The system is applied in Nowadays, many network equipments and application
Dali University campus network, and it is effective in systems, such as Authentication system, Firewall and
practice. other traffic measurement systems, can log network traffic
data completely. But it is very difficult to extract valuable
information of traffic-load patterns and users’ network be-
Keywords: network traffic measurement, FCM, network haviors from those vast log data efficiently. As an explo-
behavior, traffic-load pattern, network configuration rative technique, clustering is an efficient method for sta-
tistical data analysis.
There are two main approaches of clustering. One is
1. Introduction crisp clustering (or hard clustering), and the other is fuzzy
clustering. A characteristic of the crisp clustering ap-
As an infrastructure of modern information society, In- proach is that the boundaries between clusters are fully
ternet has become one of indispensable parts of people’s defined. However, in many real cases, boundaries be-
daily lives. As Internet users always hope that the network tween natural classes are overlapping. So, certain input
can provide services with guaranteed quality, the network patterns do not completely belong to a single class, but
administrators also want to understand the users’ network partially belong to other classes too. In such cases, the
behaviors in order to further control its operations and fuzzy clustering approach can provide a better and more
behaviors effectively. Network traffic measurement and useful method to classify these patterns.
analysis, as one of important methods for understanding There are many fuzzy clustering methods being intro-
and characterizing network, can provide significant sup- duced in Ref. [10]. Fuzzy c-means clustering (FCM) algo-
port for network management [1, 2]. rithm is one of most important and popular fuzzy cluster-
Traffic measurement and analysis can provide useful ing algorithms. It is a data clustering technique in which
information about network traffic-load patterns and per- a data set is grouped into C clusters with every data point
formances for network administrator. It is applied to in the data set belonging to every cluster on a certain de-
many fields, like traffic accounting, intrusion detection, gree. At present, the FCM algorithm has been extensively
anomaly detection, research of network behavior, perfor- used in data analysis, pattern recognition, image process-
mance analysis, and other relevant research fields [3–5]. ing, classifier design, etc.
Much researches on traffic measurement and analysis In this paper we design a network administrator as-
has been done over last decades. In 1992, traffic was in- sistance system based on traffic measurement and FCM
vestigated on T1 backbone of NSFNET [6], and several analysis method. The proposed system utilizes a FCM
characteristics were analyzed. Later on, studies of traf- method to analyze users’ network behaviors and traffic-

Vol.13 No.2, 2009 Journal of Advanced Computational Intelligence 91
and Intelligent Informatics

INTE R NE T Users mation for administrator to design efficient network con. . . . · · · .2.. i=1 j=1 clusive unknown groups based on combinations of many variables. A fuzzy c-partition of the given data set criterion between 0 and 1. f or 1 ≤ j ≤ N system can capture traffic measurement data from logs of C . · · · xN } to be clustered into C groups. conclusions and future work Analysis R eports directions are introduced. · · · . As an explorative technique. Authentication load patterns based on log data of Authentication and Switch Firewall R outer Firewall systems. . . N. N such that 3. 92 Journal of Advanced Computational Intelligence Vol. 2. The iteration Each x j ∈ R p . . Fig. To define l=1 the FCM algorithm [12] consider a data set of N vec- tors X = {x1 . Jm (U. 2. Finally. vc ) administrator to determine efficient controlling and con- and vi ∈ R p . and t is the iteration step. where i = 1. The aim of the FCM algo. Administrator Assistance System 0 ≤ ui j ≤ 1. 2. .V ) is defined in term of cluster centers Detailed descriptions of each module are formulated be- low. (2) fies a set of observations into two or more mutually ex. N is a feature vector consist. B. rithm is to find an optimal fuzzy c-partition by evolving The system model of the proposed system is showed in the fuzzy partition matrix U = [ui j ] iteratively and com. minimize Jm (U. Clustering and Fuzzy C-Means Fig.V ) = ∑ ∑ (ui j )m x j − vi  . i = 1. In section 3 we formulate the framework and sys. Its aim is to construct groups in such a way that where 1 ≤ m < ∞ is the weighting exponent on each fuzzy the profiles of objects in the same groups are relatively membership and determines the amount of fuzziness of homogeneous whereas the profiles of objects in different the resulting classification.Chen. 1 ≤ j ≤ N Figure 1 shows the framework of the proposed network 0 ≤ ∑ j=1 ui j ≤ N. Framework of administrator assistance system in network topology.V ) < ε . · · · . f or 1 ≤ i ≤ C.C clusively from the given data set without any reference to ⎛    2 ⎞−1 a training set. where ε is a termination of the object. ∑Nj=1 (ui j )m x j Here no a priori information about classes is required. is the fuzzy partition matrix U = [ui j ].C. i = 1. j = 1. . · · · . . CE R NE T figuration parameters. Jm (U. . figuring parameters of network management systems. v2 . 2. Section 4 presents testing results of the Administrator proposed system. (4) of data to belong to two or more clusters. 2. ing analysis module. . i. And where ui j is the membership of feature vector x j to cluster it utilizes a FCM method to analyze users’ network behav- ci . vi = . . . 2. . f or 1 ≤ i ≤ C N administrator assistance system in network topology. 2. C x j − vi  m−1 FCM is a method of clustering which allows one piece ui j = ⎝ ∑   x j − vl  ⎠ . 2. matrix using the following equations: like discriminate analysis or classification tree algorithms. The ∑i=1 ui j = 1. In section 2 Design C onfiguration L og Data Capture we give a brief overview of clustering and FCM algo. · · · . and it is effective in practice. Administrator tem model of the proposed network administrator assis. et al. which are repre.C and j = 1. 2009 and Intelligent Informatics . They have to be discovered ex. Assistance System tance system. surement data. Parameters rithm.e. 1. The system is applied in Dali Uni- versity campus network. will stop when the improvement of objective function (t+1) (t) ing of p real-valued measurements describing the features Jm (U. · · · . The system has four main modules that “log data puting the cluster centers. x2 . The clustering process is based on the assignment of iors and traffic-load patterns based on those traffic mea- the x j ∈ X feature vectors into C clusters.” and “integration analysis module. .V ) − Jm (U. (3) neither the number of clusters nor the rules of assignment ∑Nj=1 (ui j )m into clusters are known. . . 2. where i = 1. capture module. The rest of paper is organized as follows.” “cluster- In a FCM algorithm. .C and j = 1. the objective function of a fuzzy c.” partition U. . . It classi.13 No. · · · . Analysis results are used as assistance for sented by the cluster center vector vi ∈ V = (v1 . · · · .V ) by iteratively updating the partition Clustering is distinct from classification techniques. The FCM algorithm tries to groups are relatively heterogeneous [11]. Analysis results provide useful infor. clustering is a process of grouping a data set in a way that the similarity between by the following formula: data within same cluster is maximized while the similarity C N  2 of data between different clusters is minimized. .” “data preprocessing module. . (1) network Authentication system and Firewall system.