Anomaly Detection in Embedded Systems
IEEE Transactions on Computers - Special issue on fault-tolerant embedded systems
Hierarchical Kohonenen net for anomaly detection in network security
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
A-GHSOM: An adaptive growing hierarchical self organizing map for network anomaly detection
Journal of Parallel and Distributed Computing
Hi-index | 0.00 |
The self-organizing map (SOM) have shown to be successful for the analysis of high-dimensional input data as in data mining applications such as network security. However, the static architecture and the lack of representation of hierarchical relations are its main drawbacks. The growing hierarchical SOM (GHSOM) address these limitations of the SOM. The GHSOM is an artificial neural network model with hierarchical architecture composed of independent growing SOMs. One limitation of these neural networks is that they just take into account numerical data, even though symbolic data can be present in many real life problems. In this paper a new GHSOM model with a new metric incorporing both numerical and symbolic data is proposed. This new GHSOM model is proposed for detecting network intrusions. An intrusion detection system (IDS) monitors the IP packets flowing over the network to capture intrusions or anomalies. One of the techniques used for anomaly detection is building statical models using metrics derived from observation of the user's actions. Randomly selected subsets that contains both attacks and normal records from the KDD Cup 1999 benchmark are used for training the proposed GHSOM. Experimental results are provided and compared to other hierarchical neural networks.