Comparison of Clustering-based Network Traffic Anomaly Detection Methods

2021 
As information technology becomes more widespread, resources on the network are increasingly vulnerable to malicious attacks. To address the growing problem of abnormal network traffic, this paper summarizes clustering-based network traffic anomaly detection methods. The paper first introduces work related to network traffic anomaly detection, points out the reasons anomalous traffic appears, and classifies it into three types according to its characteristics: point anomalies, contextual anomalies and collective anomalies. It then summarizes the clustering methods, classifying them into distance-based, density-based and hierarchy-based algorithms, lists the representative algorithms of each category, and summarizes the development of each. Finally, it points out the advantages and shortcomings of clustering methods.