Traffic Similarity Observation Using a Genetic Algorithm and Clustering

Abstract

This article presents a technique of traffic similarity observation based on the statistical method of survival analysis by using a genetic algorithm. The basis comes from the k-means clustering algorithm. The observed traffic is collected from different network sources by using a NetFlow collector. The purpose of this technique is to propose a process of finding spread malicious traffic, e.g., ransomware, and considers the possibility of implementing a genetic-based algorithm. In our solution, a chromosome is created from clustering k-means centers, and the Davies–Bouldin validity index is used as the second fitness value in the solution.This article presents a technique of traffic similarity observation based on the statistical method of survival analysis by using a genetic algorithm. The basis comes from the k-means clustering algorithm. The observed traffic is collected from different network sources by using a NetFlow collector. The purpose of this technique is to propose a process of finding spread malicious traffic, e.g., ransomware, and considers the possibility of implementing a genetic-based algorithm. In our solution, a chromosome is created from clustering k-means centers, and the Davies–Bouldin validity index is used as the second fitness value in the solution.