In this work, we focus on developing behavioral models of known attacks to help security experts identify the similarities between attacks. Furthermore, these attack behavior models can be used to analyze zero-day attacks, about which security experts have limited knowledge. To this end, a Self Organizing Feature Map (SOM) is employed to model the relationship between known attacks, and a U-Matrix representation is used to create a two-dimensional topological map of known attacks. The approach is evaluated on the KDD'99 data set. Results show that attacks with similar behavior patterns are placed together on the map. Moreover, when new attacks are presented, the SOM assigned similar labels to the attacks that are newer versions of the known attacks.
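The mapping described in the abstract, as an added sketch that is not the authors' code: a small SOM is trained on known attacks, its U-Matrix is computed, and an unseen variant takes the label of the known attack nearest its best-matching unit. The three-feature vectors are constructed (not KDD'99 records), and the grid size, learning schedule and the labels `dos` and `probe` are assumptions.

```python
import math
import random

# Constructed, already-normalised feature vectors (assumption: not real KDD'99 records).
KNOWN = [
    ("dos", (0.95, 0.05, 0.90)), ("dos", (0.90, 0.10, 0.85)), ("dos", (0.85, 0.08, 0.95)),
    ("probe", (0.10, 0.90, 0.15)), ("probe", (0.05, 0.95, 0.20)), ("probe", (0.12, 0.85, 0.10)),
]
ROWS, COLS = 4, 4  # assumed map size

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def bmu(weights, x):
    """Grid coordinate of the best-matching unit (closest weight vector) for x."""
    return min(weights, key=lambda rc: dist(weights[rc], x))

def train(samples, epochs=200, seed=0):
    rng = random.Random(seed)
    weights = {(r, c): [rng.random() for _ in range(3)]
               for r in range(ROWS) for c in range(COLS)}
    for t in range(epochs):
        frac = 1.0 - t / epochs  # learning rate and neighbourhood radius both decay
        lr, radius = 0.5 * frac + 0.01, 2.0 * frac + 0.5
        for _, x in rng.sample(samples, len(samples)):
            br, bc = bmu(weights, x)
            for (r, c), w in weights.items():
                g = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * radius ** 2))
                for i in range(3):
                    w[i] += lr * g * (x[i] - w[i])
    return weights

def u_matrix(weights):
    """Mean weight-space distance from each unit to its 4-connected grid neighbours."""
    u = {}
    for (r, c), w in weights.items():
        nbrs = [weights[n] for n in ((r - 1, c), (r + 1, c), (r, c - 1), (r, c + 1))
                if n in weights]
        u[(r, c)] = sum(dist(w, n) for n in nbrs) / len(nbrs)
    return u

def label_for(weights, samples, x):
    """Label of the known attack closest to the unit that x maps to."""
    w = weights[bmu(weights, x)]
    return min(samples, key=lambda s: dist(s[1], w))[0]

SOM = train(KNOWN)
UMAT = u_matrix(SOM)  # high values mark boundaries between attack groups on the map
```

High U-Matrix cells separate the regions of the grid that the two attack groups occupy, which is what makes the 2D map readable as clusters.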