Measurement: Sensors 23 (2022) 100407

Contents lists available at ScienceDirect

Measurement: Sensors
journal homepage: www.sciencedirect.com/journal/measurement-sensors

Analyze the anomalous behavior of wireless networking using the big

data analytics
Yousef Methkal Abd Algani a, b, *, G Arul Freeda Vinodhini c, K. Ruth Isabels d,
Chamandeep Kaur e, Mark Treve f, B. Kiran Bala g, S. Balaji h, G. Usha Devi i
a
Department of Mathematics, Sakhnin College, Israel
b
Department of Mathematics, The Arab Academic College for Education in Israel-Haifa, Israel
c
Department of Science and Humanities, Saveetha School of Engineering, SIMATS, Chennai, 60210, India
d
Department of Mathematics, Saveetha Engineering College, Saveetha Nagar, Thandalam, Chennai, 602 105, Tamilnadu, India
e
Lecturer, Computer Science Department, Jazan University, Jizan, Saudi Arabia
f
Lecturer, School of Languages and General Education, Walailak University, Nakhon Si Thammarat, Thailand
g
Head of the Department, Department of Artificial Intelligence and Data Science, K.Ramakrishnan College of Engineering, Samayapuram, Trichy, 621 112, India
h
Department of Computer Science and Engineering, Panimalar Engineering College, India
i
Department of Artificial Intelligence and Data Science, K.Ramakrishnan College of Engineering, Samayapuram, Trichy, India

A R T I C L E I N F O A B S T R A C T

Keywords: Internet connections and cellular technologies are extensively used throughout the globe. Anomaly detection
Anomaly detection systems have considered an essential tool for detecting a broad range of hostile activity in the cyberspace
Wireless network domain. The researchers of this paper address the problems and existing knowledge of anomalous detecting for
Big data analytics
mobile networks as they prepare to embrace the “big data” age. As new computer cyber-security defects and
Dirichlet mixture model
ADs
vulnerabilities are reported every day, anomaly detection systems (ADSs) are getting increasingly crucial. The
major objective is to develop methods for scanning networks activity and detecting unusual behaviours that
could be the result of anomalous assaults.The Dirichlet mixture prototype dependent on anomaly detection
methodology is a proposed methodology called DM-ADs; anomaly detecting engine that incorporates 3 com­
ponents: collecting and logging, pre-processing, and a novel statistical decision processor. This paper offers a
hybrid anomaly detection method that combines several characteristic selecting strategies with an appropriate
mixture approach to recognize each assault form with great precision. The suggested method’s effectiveness is
assessed using two databases, the NSL-KDD. The effectiveness of the suggested ADS was proved by retaining
excellent precision and minimal false-positive percentages in all sorts of attacks.

1. Introduction
People, objects, and their connections generate enormous amounts of
information and data. The increased number of smart gadgets, machine-
to-machine (M2M) connections, and social networking penetration are
all important contributors of big data in the wireless communication
industry. With the expansion of communication networks toward 5G, a
variety of techniques such as massive multiple input multiple output
(MIMO) and base station (BS) densification are predicted to exponen­
tially increase the quantity of information [1,2]. The information is
produced on a massive scale (volume), with rapid input or output from
the system (velocity), and from a wide range of resources both inside
and outside the system (variety), and the information’s quality and trust
are unmatched in terms of variety (veracity), volume, and velocity.Big
data is born as a result of the atypical 4V properties (veracity, volume,
variety, and velocity) of existing data processing, and its administration
and assessment necessitate big data analytics strategies [3].
Big data analytics refers to the methodologies and techniques, as well
as the software and hardware, that are used to receive, manage, and
analyze enormous amounts of unstructured and structured information
in actual time. In contrast to traditional data analytics systems, big data
analytics analyses all of the information rather than just a sample of it
[4]. When working with tiny amounts of data, analysis were carried out
by selecting random examples (partially information) that were thought

* Corresponding author. Department of Mathematics, Sakhnin College, Israel.

E-mail addresses: Yosefabdalgani@gmail.com (Y.M. Abd Algani), arulfreedavinodhini@saveetha.com (G.A.F. Vinodhini), ruthisabels@saveetha.ac.in
(K.R. Isabels), kaur.chaman83@gmail.com (C. Kaur), trevemark@yahoo.com (M. Treve), balajiit@gmail.com (S. Balaji), ushadevi3012@gmail.com (G.U. Devi).

https://doi.org/10.1016/j.measen.2022.100407
Received 15 June 2022; Received in revised form 25 July 2022; Accepted 2 August 2022
Available online 9 August 2022
2665-9174/© 2022 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-
nc-nd/4.0/).
Y.M. Abd Algani et al.
to be representational of the entire dataset [5]. Due to the examination
of just partial data, the knowledge recovered is erroneous and incom­
plete, resulting in sub-optimal judgements and inefficient and subopti­
mal effectiveness.Particularly in the context of troubleshooting, and
actual network analysis accurate and timely knowledge is necessary in
order to provide accurate solutions, which could only be achieved by
analysing all big data. Big data provides a lot of options for present and
future wireless services in a variation of methods, several of which are
mentioned here [6].
• Big data analytics will allow for a single effectiveness assessment.
• In wireless networks, big data analytics allows proactive and smart
storage.
• Big data analytics allows for the analysis of the network’s long-term
characteristics.
• Self-coordination between network operations and components is
enabled by big data analytics.
• Big data analytics provide wireless communication insight from end
to end.
Finite mixture methods have been one of the most popular model-
based clustered methods in recent decades, and they’ve been utilised
to a wide range of implementations and fields. In the situation of mixed
approaches, choosing the number of clusters to describe the information
is a difficult task. For this challenge, various techniques have been
offered. The existing methods, moreover, are dependent on the method’s
identification of an undetermined but limited amount of factors.
Dirichlet systems, based on previous advancements, may give efficient
solutions to the classification model. Antoniak, Ferguson, and others are
credited with developing the concept of mixed Dirichlet systems.Despite
the fact that these approaches have been around for a significant dura­
tion, their real-world applicability in information modelling and clus­
tered have just lately been demonstrated [7]. The difficulty of Dirichlet
methodology mixing framework grows as new data arrives because it is
a non-parametric Bayesian approach. As a result, Dirichlet
processes-based mixture prototypes are characterized as infinite.
Indeed, we don’t require identifying a number of combination elements
a priori with unlimited mixture frameworks. This trait enables the al­
gorithms more realistic than if we assumed a set number of variables.
The Gaussian assumptions are used in the majority of research with
infinite mixture prototypes [8]. Other probabilities, including the
Dirichlet probability, have been established in initial research to provide
excellent outcomes in specific situations and are more suited. The
research given here uses unlimited Dirichlet mixture prototypes with
Anomaly detection to handle the problems of information modelling,
categorization, and predictions [9].
The remainder of this study is organised as follows: section 2 defines
relevant studies on wireless network device anomaly detection using
various methodologies. The process of the proposed algorithm is
described in depth in Section 3. Section 4 contains the findings and
explanation of the experiments. Finally, section 5 concludes the study.
2. Related work
According to Ref. [10], the widespread availability of numerous
wireless transmission methods and applications has ushered in the big
data age in large-scale wireless networking. The enormous diversity,
real-time velocity, great volume, and enormous potential of big data
from massive capacity wireless connections create unique study diffi­
culties that are distinct from conventional computer technologies. They
give an overview of state-of-the-art Big Data Analytics (BDA) method­
ologies for large-scale wireless connections in this research. In specif­
ically, they divide BDA’s life span into 4 phases: data analytics, data
acquisition, data storage, and data pre-processing.Furthermore, for
every phase of the BDA life span, they give a full review of technological
responses to the issues in BDA for wide scale wireless connections. They
2
Measurement: Sensors 23 (2022) 100407
also go through the open study questions and the future paths in this
exciting field.
In [11]Operators can discover and analyze any anomalies and
anticipate network efficiency because to the large number of informa­
tion accessible in operating cellular operators. Implications of developed
machine learning (ML) methodologies on information consolidated from
various inputs, in specific, could yield valuable insights, not just for
detecting anomalous behaviour but also for efficiency predicting, inte­
grating traditional network implementation and maintenance services
with smart tracking equipment. In this study, they present a new
approach for diagnosing networking faults and analysing their impacts
on major efficiency metrics by combining varied data sources from a
functional LTE network and applying machine learning methods.
According to this study [12]in Long-Term Evolution (LTE) systems,
the Sleeping Cell issue is a specific sort of cellular deterioration. In ac­
tuality, a cell interruption results in a loss of networking services, and it
is frequently just discovered after repeated customer complaints to op­
erators. A cell in this research goes to sleep owing to a Random Access
Channel (RACH) error, which could be caused by hardware or software
issues. They present a data mining-based approach for detecting
dysfunctional cells. The evaluation of event sequencing provided by
User Equipment (UE) to a providing Base Station (BS) is at its founda­
tion. An anomaly identification method is a critical component of the
created technology.Utilizing Receiver Operating Characteristic (ROC)
and Precision-Recall graphs, they examine the effectiveness of distances,
probabilistic-based techniques, and centroid distance. Furthermore, a
conceptual evaluation of the computing efficiency of the techniques is
offered. The sleeping cell identification methodology is tested utilizing
the Minimization of Drive Testing (MDT) feature in a dynamic LTE
network simulation. It has been demonstrated that the sleeping cell may
be located.
In this research [13]Anomaly identification relates to approaches for
detecting odd actions that could jeopardise communications system
performance and security. A unique approach for networking anomaly
identification is presented in this research, which combines K-means
clustering, baseline, and particle swarm optimization (PSO). K-means is
a supervised learning clustering technique intended to recognize char­
acteristics or patterns in sets of information, and the baseline consisting
of networking traffic normal behaviour characteristics developed by
applying the Baseline for Automatic Backbone Management (BLGBA)
prototype to SNMP historical network datasets.The outcomes of the
testing in real-world network architecture demonstrated that the sug­
gested technique is capable of detecting volume irregularities in
real-world network traffic and achieves excellent findings.
In [14]Data mining methods allow you to examine enormous vol­
umes of information for recurring structures and principles. They could
be utilised to identify attacks, intrusions, and abnormalities when
implemented to network monitored data collected on a server or in a
networks. This study provides a description of Network Data Mining,
which is the implementation of data mining methodologies to network
packet and flow conditions, as well as a comparison of existing meth­
odologies. A novel flow-based anomaly identification system depending
on the K-mean clustering technique is also presented.The identification
accuracy is improved by using the clustering technique independently
for various applications (defined by their port number and transport
protocol). The findings of the initial studies, which used both created
and actual traffic, were analysed and reported.
3. Hybrid proposed methodology (DM – ADs)
Anomaly detection system is dependent on a Dirichlet mixing pro­
totype that has been combined with a decision-making mechanism
predicated on the lower-upper Interquartile interval. Furthermore, in
these networks, high networking information is a barrier, as unnecessary
characteristics might degrade effectiveness of the method. The large
complexity of networking information makes it much more difficult to
Y.M. Abd Algani et al.
distinguish between regular and aberrant behaviour in communication
networks. The effectiveness of an ADS technology is a top goal, but it’s
also important to evaluate the time it takes to identify an approach. The
three components of our anomaly identification system are as follows.
3.1. The Dirichlet mixture model (DM)
The anomaly identification component, which consists of three
phases as shown in Fig. 1, is presented below. The initial phase is data
pre-processing to clean the input, the following phase is the important
phase, which is anomaly detection to build a collection of anomalies,
and the third phase is post-processing to enhance the identification
findings utilizing a variety of algorithms [15]. The next sections go into
the specifics.
3.2. Data pre-processing
A vast number of cells gather the different NSL- KDD data sources
necessary for DNA processing throughout time. At pre-determined du­
rations, NSL- KDD readings are obtained from the units. Data cleaning is
required for the anomaly identification component because the primary
information frequently contains excessive data and missing data (which
could be anomalies). Because recovering lost information is challenging,
the selectors are utilised to choose the valid NSL- KDD recordings [16].
Extreme values are also omitted from our training dataset, although they
would be involved in the anomaly identification technique.
Fig. 1. Proposed DM – ADs block diagram.
3
Measurement: Sensors 23 (2022) 100407
3.2.1. Dividing a data set
The importance of set of data dividing is that it divides an established
NSL- KDD data set into a trained dataset (Dtrain ) and a tested dataset
(Dtest ), with two methodologies: slide-window and single shot. The
former basically divides the dataset into trained and tested sets, but the
sliding-window technique extends the window as more information
comes, removing the previous information from the windows [17].
3.2.2. Model of training
We’ll use the trained set (Dtrain ) to train a prototype after the pre­
ceding phase. In the statistical prototype, we use the Univariate
Anomaly Detection (UAD) prototype for effectiveness. The UAD proto­
type is distinguished by the variable Top-Bottom-Percentile (TBP),
which represents the lower and upper percentiles, as well as the
thresholds, which is calculated using TBP as sgown in Eqn (1).
Dmax = quantile(Dtrain , TBP) (1)
The top percentile and bottom percentile, alternatively, are
employed as parameters for anomaly identification in throughput KQI
and latency KQI [18].
3.2.3. Anomaly detection
The testing set of information is finally examined for anomalies. We
utilize the thresholds variable Dmax trained in step two to locate anom­
alous values and consider them as outliers for information gathered
during the similar duration of time in the dataset. This technique can
happen again at any moment.
Y.M. Abd Algani et al. Measurement: Sensors 23 (2022) 100407

3.3. Post-processing Table 1

Confusion matrix with dirichlet mixture prototype for anomaly detection.
The anomaly detection creates a lot of false abnormalities because Dataset Normal Probe U2R R2L DoS
there are frequent anomalies that don’t imply system efficiency
NSL – KDD 250 200 50 200 300
decrease. To reduce the false anomalies, we devise a series of filtration,
which will be discussed in further depth in the sequels.KQI parameters,
such as throughput, are usually great whenever the system has a low
traffic flow. When the trained information collection (Dtrain ) is inade­ Table 2
The subcategories of the fundamental types of wireless network attacking traffic
quate, these variables might be recognized as abnormalities [19]. To
used in the research are listed.
prevent false anomalies, the universal range thresholds filtering uses a
threshold established from historical information to classify out incon­ Class of attacks Types of attacks

sequential anomalies.The abovementioned NSL- KDDsare averaged Probe Nmap, Satan, Ipsweep, Portsweep
across a set duration of time, such as an hour. When there are only a U2R Loadmodule
R2L Ftp write, Phf, Guess Password, Warezmaster Imap
couple activities within short hours, the KQI levels are low and might be
DoS Smurf, Back, Pod, Land, Neptune, Teardrop
misinterpreted as abnormalities. To eliminate this form of false abnor­
mality, a counting filtering is used to select out the hours with insuffi­
cient activities [20].
When a network fault develops, KQI levels [21] will decline during Table 3
Comparison of anomaly detection using various methods.
several hours. Anomalies can occur as an outcome of network traffic
fluctuations, for example. We created a regular statistical filtering that Methods Accuracy (in %)
establishes a p threshold, analyses the number of anomalies each day, NN (neural network) 74.70
and utilises the threshold to identify days when the number of anomalies K-NN (K-Nearest Neighbour) 71.10
exceeds p. Lastly, to eliminate false anomalies, anomalies that are not in SVM (support vector machine) 76.12
DM – ADs (proposed method) 79.62
these durations are eliminated.Non-significant abnormalities must be
eliminated more in real-world engineering implementations. The
magnitude filtering is designed to address this requirement. The ranges of network traffic attacking subcategories. As shown in Table 1, the NSL-
are defined as mag(a) = (a − μ)/σ , where the NSL- KDD is represented KDD database has 1000 cases divided into five types (see Table 3) (see
as a, and the standard deviations and means are represented as σ andμ, Table 2).
correspondingly. The level of anomalies of x is represented by mag(x).
The filtration establishes a Tmag threshold based on this magnitude to
discriminate among other categories of anomaly and major anomaly 4.1. Performance metrics
[22].
Precision, recall, and F-measure are few of the efficiency metrics
Algorithm 1. Decision making algorithm (DM) used to evaluate the proposed technique’s success. TN , TP , FN ,
′ ′ ′

and FP , which represent for true negative, true positive, false negative,
′

and false positive, are the most important elements.

4. Experimental results and discussion 4.1.1. Precision (P)

Precision is defined as the percentage ratio of true positives (TP )
′

This chapter goes over the databases that were utilised to evaluate recognized records divided by the sum of true positives (TP ) and false
′

the suggested Dirichlet Mixtures methodology, as well as the evaluating positives (FP ) classified records (P).
′

criteria that were utilised to comparing the suggested method to various

current approaches. At last, the characteristics chosen from the NSL-
′
TP
precision = × 100 (2)
KDD databases are discussed, along with their statistical conclusions TP + FP′
′

[23].
Using all of the characteristics from the NSL – KDD dataset, the
identification efficiency and training duration for different forms of at­
tacks are investigated. A total of 1000 data observations from several
categories of wireless network traffic attacks are used in addition to
ordinary network activity. Instances are collected from the major types
4.1.2. Recall (R)
The recall percentage is calculated by dividing the number of true
positive records by the total number of true positives (TP’P and false
negatives (FN′ ) categorised records (R).

4
Y.M. Abd Algani et al. Measurement: Sensors 23 (2022) 100407

Fig. 2. Flow chart for anomaly detection.

The suggested technology’s effectiveness is compared to the current

approaches average, Dirichlet mixture model anomaly detection with
precision, recall, and F-measure in Fig. 3(see Fig. 2).
In this part, we present outcomes that assess and demonstrate the
efficacy of the suggested methodology in both artificial and actual
implementations, such as picture classification and the difficult chal­
lenge of anomaly identification. The purpose of the artificial information
is to evaluate the efficiency of the various method to the deterministic
strategy given in Ref. [24], whereas the objective of the actual imple­
mentations is to evaluate the efficiency of limited Dirichlet Mixtures and
numerous additional various approaches. We start with a large amount
of elements (15 in this work) and identical combining co-efficients in our
tests. We have to normalise the information collection so that one
characteristic does not dominate the others in the method because the
characteristics are on various dimensions in the set of data [3]. Every
information example in our input collection has 41 characteristics, 34 of
Fig. 3. Performance comparison. which are numerical and 7 of which are symbolism. Just the 34 nu­
merical characteristics are employed in our tests (every data is therefore
expressed as 34 – Dvectors). We could convert a characteristic Xl in a
′
TP
recall = × 100 (3)
TP + FN ′
′
data item X into the domain of [0, 1] by Xl = (XL − min(Xl ))/(max(Xl ) −
min(Xl)), where Xl is assigned to a minimal amount if the maximum is
4.1.3. F-measure (F) equivalent to the minimum.Following that, the characteristic variables
The F-measure is the harmonic mean of precision and recall, which are normalised to the unit sum. The detection performance is 79.62%,
suggests a balance among the two. according to these matrices. Table 3summarises the identification
findings using additional methods, such as NN (neural network), K-NN
P×R
F − measure = 2( ) (4) (K-Nearest Neighbour), SVM (support vector machine) trained in a
P+R

5
Y.M. Abd Algani et al.
Fig. 4. Accuracy graph of the system.
deterministic manner. Including these findings, the DM – ADs improves
some other techniques considerably, as determined by a student’s t-test.
Furthermore, our methodology beats three additional methodologies: a
neural networks (NN - 73.68%), the KNN (70.13%) as well as SVM
(75.81%) techniques provided in Refs. [25,26] as shown in Figs. 3 and 4.
5. Conclusion
The current state-of-the-art anomaly identification approaches in
mobile networks, as well as the problems posed by large information,
were described in this research. A new anomaly detection method DM –
ADs was described, which was based on the study of information in
mobile networks. In addition, we provided an interesting variational
learning approach for finite Dirichlet mixture prototypes. This research
could be used to better analyze user behaviour in future smart cities.
Users’ relevant knowledge, including such movement patterns, traffic
patterns, content preferences, social networks and connections, could all
be understood using a big data analytics method. Smart and talented
capacity management techniques for effective resources usage could be
constructed using this insightful data. Future study could focus on
incorporating a characteristic selection element into the suggested
structure or expanding the proposed approach to include the infinite
situation.
Credit author statement
Yousef Methkal Abd Algani: Conceptualization of proposed system
and supervision. G Arul Freeda Vinodhini: Mathematical Conceptuali­
zation of Dirichlet systems. K. Ruth Isabels: Mathematical Conceptuali­
zation of Dirichlet systems and ML models. Chamandeep Kaur: Data
Collection. Mark Treve: Ethical analysis. B. Kiran Bala: Implementation.
S. Balaji: Implementation and Evaluation. G.Usha Devi: Implementation
and Evaluation.
Declaration of competing interest
The authors declare that they have no known competing financial
interests or personal relationships that could have appeared to influence
the work reported in this paper.
References
[1] A Dirichlet Process Mixture of Dirichlet Distributions for Classification and
Prediction, IEEE Workshop on Machine Learning for Signal Processing, 2008,
pp. 297–302. IEEE).
Measurement: Sensors 23 (2022) 100407
[2] Dujia Yang, Dandan Miao, Xiaowei Qin, Wei Guo, A novel anomaly detection with
temporal and spatial aggregation in mobile networks, in: 2016 8th International
Conference on Wireless Communications & Signal Processing (WCSP), 1–5, IEEE,
2016.
[3] Nizar Bouguila, Djemel Ziou, Unsupervised selection of a finite dirichlet mixture
model: an MML-based approach, IEEE Trans. Knowl. Data Eng. 18 (8) (2006)
993–1009.
[4] Mark William Woolrich, Timothy E. Behrens, Variational bayes inference of spatial
mixture models for segmentation, IEEE Trans. Med. Imag. 25 (10) (2006)
1380–1391.
[5] Gabriela F. Ciocarlie, Ulf Lindqvist, Szabolcs Nováczki, Henning Sanneck,
Detecting anomalies in cellular networks using an ensemble method, in:
Proceedings of the 9th International Conference on Network and Service
Management (CNSM 2013), 171–74, 2013 (IEEE).
[6] Jagannadan Varadarajan, Ramanathan Subramanian, Narendra Ahuja,
Pierre Moulin, Jean-Marc Odobez, Active online anomaly detection using dirichlet
process mixture model and Gaussian process classification, in: 2017 IEEE Winter
Conference on Applications of Computer Vision (WACV), 615–23, 2017 (IEEE).
[7] Yogesh Pawar, Nuha Zamzami, Nizar Bouguila, An effective hybrid anomaly
detection system based on mixture models, in: 2020 International Symposium on
Networks, Computers and Communications (ISNCC), 2020, pp. 1–6 (IEEE).
[8] M. Bahrololum, M. Khaleghi, Anomaly intrusion detection system using
hierarchical Gaussian mixture model, Int. J. Comput. Sci. Net. Secur. 8 (8) (2008)
264–271.
[9] Enrique Castillo, S Hadi Ali, Cristina Solares, Learning and updating of uncertainty
in dirichlet models, Mach. Learn. 26 (1) (1997) 43–63.
[10] Hong-Ning Dai, Raymond Chi-Wing Wong, Hao Wang, Zibin Zheng, Athanasios
V. Vasilakos, Big data analytics for large-scale wireless networks: challenges and
opportunities, ACM Comput. Surv. 52 (5) (2019) 1–36.
[11] Jessica Moysen, Furqan Ahmed, Mario García-Lozano, Jarno Niemelä, Big data-
driven automated anomaly detection and performance forecasting in mobile
networks, in: 2020 IEEE Globecom Workshops (GC Wkshps, 2020, pp. 1–5 (IEEE).
[12] Sergey Chernov, Michael Cochez, Tapani Ristaniemi, Anomaly detection
algorithms for the sleeping cell detection in LTE networks, in: 2015 IEEE 81st
Vehicular Technology Conference (VTC Spring), IEEE, 2015, pp. 1–5.
[13] M.F. Lima, Bruno B. Zarpelao, Lucas DH Sampaio, Joel JPC Rodrigues,
Taufik Abrao, Mario Lemes Proença, Anomaly detection using baseline and K-
means clustering, in: SoftCOM 2010, 18th International Conference on Software,
Telecommunications and Computer Networks, 305–9, 2010 (IEEE).
[14] Gerhard Münz, Sa Li, Georg Carle, Traffic anomaly detection using K-means
clustering, in: GI/ITG Workshop MMBnet, 2007, pp. 13–14.
[15] Nour Moustafa, Gideon Creech, Jill Slay, Big data analytics for intrusion detection
system: statistical decision-making using finite dirichlet mixture models, in: Data
Analytics and Decision Support for Cybersecurity, 127–56, 2017 (Springer).
[16] Mohiuddin Ahmed, Mahmood Abdun Naser, Jiankun Hu, A survey of network
anomaly detection techniques, J. Netw. Comput. Appl. 60 (2016) 19–31.
[17] Pedro Casas, Alessandro D’Alconzo, Pierdomenico Fiadino, Christian Callegari,
Detecting and diagnosing anomalies in cellular networks using random neural
networks, in: 2016 International Wireless Communications and Mobile Computing
Conference (IWCMC), 351–56, 2016 (IEEE).
[18] Yunchuan Sun, Houbing Song, Antonio J. Jara, Rongfang Bie, Internet of things
and big data analytics for smart and connected communities, IEEE Access 4 (2016)
766–773.
[19] Mennatallah Amer, Slim Abdennadher, Comparison of unsupervised anomaly
detection techniques, Bachelor’s Thesis 1 (2011) 1–44.
[20] Md Salik Parwez, Danda B. Rawat, Moses Garuba, Big data analytics for user-
activity analysis and user-anomaly detection in mobile wireless network, IEEE
Trans. Ind. Inf. 13 (4) (2017) 2058–2065.
[21] Dujia Yang, Dandan Miao, Xiaowei Qin, Wei Guo, A novel anomaly detection with
temporal and spatial aggregation in mobile networks, in: 2016 8th International
Conference on Wireless Communications & Signal Processing (WCSP), 1–5, IEEE,
2016.
[22] Bing Li, Shengjie Zhao, Rongqing Zhang, Qingjiang Shi, Kai Yang, Anomaly
detection for cellular networks using big data analytics, IET Commun. 13 (20)
(2019) 3351–3359.
[23] Wentao Fan, Nizar Bouguila, Djemel Ziou, Variational learning for finite dirichlet
mixture models and applications, IEEE Transact. Neural Networks Learn. Syst. 23
(5) (2012) 762–774.
[24] Nizar Bouguila, Djemel Ziou, Jean Vaillancourt, Unsupervised learning of a finite
mixture model based on the dirichlet distribution and its application, IEEE Trans.
Image Process. 13 (11) (2004) 1533–1543.
[25] Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, Sal Stolfo,
A geometric framework for unsupervised anomaly detection, in: Applications of
Data Mining in Computer Security, 2002, pp. 77–101 (Springer).
[26] Anup K. Ghosh, Aaron Schwartzbard, A study in using neural networks for anomaly
and misuse detection, USENIX Secur. Sympos. 99 (1999) 12.