You are on page 1of 2

Network Administrator Assistance System Based on FCM Analysis

Paper:

Network Administrator Assistance System


Based on Fuzzy C-means Analysis
Benhui Chen∗ , Jinglu Hu∗ , Lihua Duan∗∗ , and Yinglong Gu∗∗
∗Graduate School of Information, Production and Systems, Waseda University
2-7 Hibikino, Wakamatsu, Kitakyushu-shi, Fukuoka, 808-0135, Japan
E-mail: bhchen@fuji.waseda.jp, jinglu@waseda.jp
∗∗ Dali University Gucheng Xuefu Road of Dali City, Yunnan, 671007, China

E-mail: {dlh, gyl}@dali.edu.cn


[Received July 16, 2008; accepted January 15, 2009]

In this research we design a network administrator fic growth trends of NSFNET were published [7]. With
assistance system based on traffic measurement and the increasing scale of Internet, performance became a fo-
fuzzy c-means (FCM) clustering analysis method. Net- cal issue in traffic measurement and analysis. And many
work traffic measurement is an essential tool for moni- studies had been reported on examining network perfor-
toring and controlling communication network. It can mance issues, such as route stability, end-to-end perfor-
provide valuable information about network traffic- mance [8], and so on. In recent years, many projects and
load patterns and performances. The proposed system organizations focusing on traffic measurement and analy-
utilizes the FCM method to analyze users’ network be- sis are established, including CAIDA (Cooperative Asso-
haviors and traffic-load patterns based on traffic mea- ciation for Internet Data Analysis), MAWI (Measurement
surement data of IP network. Analysis results can be and Analysis on the WIDE Internet), NLANR (National
used as assistance for administrator to determine ef- Laboratory for Advanced Network Research), IPMA (In-
ficient controlling and configuring parameters of net- ternet Performance Measurement and Analysis), etc [9].
work management systems. The system is applied in Nowadays, many network equipments and application
Dali University campus network, and it is effective in systems, such as Authentication system, Firewall and
practice. other traffic measurement systems, can log network traffic
data completely. But it is very difficult to extract valuable
information of traffic-load patterns and users’ network be-
Keywords: network traffic measurement, FCM, network haviors from those vast log data efficiently. As an explo-
behavior, traffic-load pattern, network configuration rative technique, clustering is an efficient method for sta-
tistical data analysis.
There are two main approaches of clustering. One is
1. Introduction crisp clustering (or hard clustering), and the other is fuzzy
clustering. A characteristic of the crisp clustering ap-
As an infrastructure of modern information society, In- proach is that the boundaries between clusters are fully
ternet has become one of indispensable parts of people’s defined. However, in many real cases, boundaries be-
daily lives. As Internet users always hope that the network tween natural classes are overlapping. So, certain input
can provide services with guaranteed quality, the network patterns do not completely belong to a single class, but
administrators also want to understand the users’ network partially belong to other classes too. In such cases, the
behaviors in order to further control its operations and fuzzy clustering approach can provide a better and more
behaviors effectively. Network traffic measurement and useful method to classify these patterns.
analysis, as one of important methods for understanding There are many fuzzy clustering methods being intro-
and characterizing network, can provide significant sup- duced in Ref. [10]. Fuzzy c-means clustering (FCM) algo-
port for network management [1, 2]. rithm is one of most important and popular fuzzy cluster-
Traffic measurement and analysis can provide useful ing algorithms. It is a data clustering technique in which
information about network traffic-load patterns and per- a data set is grouped into C clusters with every data point
formances for network administrator. It is applied to in the data set belonging to every cluster on a certain de-
many fields, like traffic accounting, intrusion detection, gree. At present, the FCM algorithm has been extensively
anomaly detection, research of network behavior, perfor- used in data analysis, pattern recognition, image process-
mance analysis, and other relevant research fields [3–5]. ing, classifier design, etc.
Much researches on traffic measurement and analysis In this paper we design a network administrator as-
has been done over last decades. In 1992, traffic was in- sistance system based on traffic measurement and FCM
vestigated on T1 backbone of NSFNET [6], and several analysis method. The proposed system utilizes a FCM
characteristics were analyzed. Later on, studies of traf- method to analyze users’ network behaviors and traffic-

Vol.13 No.2, 2009 Journal of Advanced Computational Intelligence 91


and Intelligent Informatics
Chen, B. et al.

Authentication
load patterns based on log data of Authentication and Switch Firewall R outer
Firewall systems. Analysis results provide useful infor- INTE R NE T
Users
mation for administrator to design efficient network con- CE R NE T
figuration parameters. The system is applied in Dali Uni-
versity campus network, and it is effective in practice.
The rest of paper is organized as follows. In section 2 Design C onfiguration L og Data Capture
we give a brief overview of clustering and FCM algo- Parameters
rithm. In section 3 we formulate the framework and sys- Administrator
tem model of the proposed network administrator assis- Assistance System
tance system. Section 4 presents testing results of the Administrator
proposed system. Finally, conclusions and future work
Analysis R eports
directions are introduced.

2. Clustering and Fuzzy C-Means Fig. 1. Framework of administrator assistance system in


network topology.
As an explorative technique, clustering is a process of
grouping a data set in a way that the similarity between by the following formula:
data within same cluster is maximized while the similarity
C N  2
of data between different clusters is minimized. It classi- Jm (U,V ) = ∑ ∑ (ui j )m x j − vi  . . . . . (2)
fies a set of observations into two or more mutually ex- i=1 j=1
clusive unknown groups based on combinations of many
variables. Its aim is to construct groups in such a way that where 1 ≤ m < ∞ is the weighting exponent on each fuzzy
the profiles of objects in the same groups are relatively membership and determines the amount of fuzziness of
homogeneous whereas the profiles of objects in different the resulting classification. The FCM algorithm tries to
groups are relatively heterogeneous [11]. minimize Jm (U,V ) by iteratively updating the partition
Clustering is distinct from classification techniques, matrix using the following equations:
like discriminate analysis or classification tree algorithms. ∑Nj=1 (ui j )m x j
Here no a priori information about classes is required, i.e., vi = . . . . . . . . . . . (3)
neither the number of clusters nor the rules of assignment ∑Nj=1 (ui j )m
into clusters are known. They have to be discovered ex- where i = 1, 2, · · · ,C
clusively from the given data set without any reference to ⎛    2 ⎞−1
a training set. C x j − vi  m−1
FCM is a method of clustering which allows one piece ui j = ⎝ ∑  
x j − vl 
⎠ . . . . . (4)
of data to belong to two or more clusters. To define l=1
the FCM algorithm [12] consider a data set of N vec-
tors X = {x1 , x2 , · · · xN } to be clustered into C groups. where i = 1, 2, · · · ,C and j = 1, 2, · · · , N. The iteration
Each x j ∈ R p , j = 1, 2, · · · , N is a feature vector consist- will
stop when the improvement
of objective function
(t+1) (t)
ing of p real-valued measurements describing the features Jm (U,V ) − Jm (U,V ) < ε , where ε is a termination
of the object. A fuzzy c-partition of the given data set criterion between 0 and 1, and t is the iteration step.
is the fuzzy partition matrix U = [ui j ], i = 1, 2, · · · ,C and
j = 1, 2, · · · , N such that
3. Administrator Assistance System
0 ≤ ui j ≤ 1, f or 1 ≤ i ≤ C, 1 ≤ j ≤ N
Figure 1 shows the framework of the proposed network
0 ≤ ∑ j=1 ui j ≤ N, f or 1 ≤ i ≤ C
N
administrator assistance system in network topology. The
∑i=1 ui j = 1, f or 1 ≤ j ≤ N system can capture traffic measurement data from logs of
C
. . . . . (1)
network Authentication system and Firewall system. And
where ui j is the membership of feature vector x j to cluster it utilizes a FCM method to analyze users’ network behav-
ci . The clustering process is based on the assignment of iors and traffic-load patterns based on those traffic mea-
the x j ∈ X feature vectors into C clusters, which are repre- surement data. Analysis results are used as assistance for
sented by the cluster center vector vi ∈ V = (v1 , v2 , · · · , vc ) administrator to determine efficient controlling and con-
and vi ∈ R p , i = 1, 2, · · · ,C. The aim of the FCM algo- figuring parameters of network management systems.
rithm is to find an optimal fuzzy c-partition by evolving The system model of the proposed system is showed in
the fuzzy partition matrix U = [ui j ] iteratively and com- Fig. 2. The system has four main modules that “log data
puting the cluster centers. capture module,” “data preprocessing module,” “cluster-
In a FCM algorithm, the objective function of a fuzzy c- ing analysis module,” and “integration analysis module.”
partition U, Jm (U,V ) is defined in term of cluster centers Detailed descriptions of each module are formulated be-
low.

92 Journal of Advanced Computational Intelligence Vol.13 No.2, 2009


and Intelligent Informatics