Neural projection techniques for the visual inspection of network traffic

Authors:
Álvaro Herrero;Emilio Corchado;Paolo Gastaldo;Rodolfo Zunino
Affiliations:
Civil Engineering Department, University of Burgos, C/ Francisco de Vitoria s/n, 09006 Burgos, Spain;Civil Engineering Department, University of Burgos, C/ Francisco de Vitoria s/n, 09006 Burgos, Spain;Department of Biophysical and Electronic Engineering (DIBE), Genoa University, Via Opera Pia 11a, 16145 Genoa, Italy;Department of Biophysical and Electronic Engineering (DIBE), Genoa University, Via Opera Pia 11a, 16145 Genoa, Italy
Venue:
Neurocomputing
Year:
2009

Citing 38
Cited 4

Parallel distributed processing: explorations in the microstructure of cognition, vol. 1: foundations

Parallel distributed processing: explorations in the microstructure of cognition, vol. 1: foundations
Generalizations of principal component analysis, optimization problems, and neural networks

Neural Networks
Nonlinear component analysis as a kernel eigenvalue problem

Neural Computation
Towards an effective cooperation of the user and the computer for classification

Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining
Adaptive Intrusion Detection: A Data Mining Approach

Artificial Intelligence Review - Issues on the application of data mining
NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach

Proceedings of the 2001 workshop on New security paradigms
Identifying enterprise network vulnerabilities

International Journal of Network Management
Visualizing Network Data

IEEE Transactions on Visualization and Computer Graphics
Benchmarking Anomaly-Based Detection Systems

DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit

Data Mining and Knowledge Discovery
Detecting Flaws and Intruders with Visual Data Analysis

IEEE Computer Graphics and Applications
Scatter (and other) plots for visualizing user profiling data and network traffic

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Intrusion detection using hierarchical neural networks

Pattern Recognition Letters
Complexity Pursuit: Separating Interesting Components from Time Series

Neural Computation
Hierarchical Visualization of Network Intrusion Detection Data

IEEE Computer Graphics and Applications
Focusing on Context in Network Traffic Analysis

IEEE Computer Graphics and Applications
A clustering-based method for unsupervised intrusion detections

Pattern Recognition Letters
An Anomaly Intrusion Detection System Based on Vector Quantization

IEICE - Transactions on Information and Systems
Factor-analysis based anomaly detection and clustering

Decision Support Systems
Letters: A hierarchical intrusion detection model based on the PCA neural networks

Neurocomputing
A hierarchical SOM-based intrusion detection system

Engineering Applications of Artificial Intelligence
Intrusion detection using a fuzzy genetics-based learning algorithm

Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection

Pattern Recognition
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers

Computer Communications
Intrusion detection in computer networks by a modular ensemble of one-class classifiers

Information Fusion
Visual Discovery in Computer Network Defense

IEEE Computer Graphics and Applications
A Nonlinear Mapping for Data Structure Analysis

IEEE Transactions on Computers
A Projection Pursuit Algorithm for Exploratory Data Analysis

IEEE Transactions on Computers
Threshold-based clustering with merging and regularization in application to network intrusion detection

Computational Statistics & Data Analysis
Detecting compounded anomalous SNMP situations using cooperative unsupervised pattern recognition

ICANN'05 Proceedings of the 15th international conference on Artificial neural networks: formal models and their applications - Volume Part II
Learning intrusion detection: supervised or unsupervised?

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Training genetic programming on half a million patterns: an example from anomaly detection

IEEE Transactions on Evolutionary Computation
Hierarchical Kohonenen net for anomaly detection in network security

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Min-max hyperellipsoidal clustering for anomaly detection in network security

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
An Automatically Tuning Intrusion Detection System

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Intrusion detection: a brief history and overview

Computer
ViSOM - a novel method for multivariate data projection and structure visualization

IEEE Transactions on Neural Networks

Testing ensembles for intrusion detection: On the identification of mutated network scans

CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
RT-MOVICAB-IDS: Addressing real-time intrusion detection

Future Generation Computer Systems
Applying soft computing techniques to optimise a dental milling process

Neurocomputing
A Bio-inspired knowledge system for improving combined cycle plant control tuning

Neurocomputing

Quantified Score

Hi-index	0.01

Visualization

Abstract

A crucial aspect in network monitoring for security purposes is the visual inspection of the traffic pattern, mainly aimed to provide the network manager with a synthetic and intuitive representation of the current situation. Towards that end, neural projection techniques can map high-dimensional data into a low-dimensional space adaptively, for the user-friendly visualization of monitored network traffic. This work proposes two projection methods, namely, cooperative maximum likelihood Hebbian learning and auto-associative back-propagation networks, for the visual inspection of network traffic. This set of methods may be seen as a complementary tool in network security as it allows the visual inspection and comprehension of the traffic data internal structure. The proposed methods have been evaluated in two complementary and practical network-security scenarios: the on-line processing of network traffic at packet level, and the off-line processing of connection records, e.g. for post-mortem analysis or batch investigation. The empirical verification of the projection methods involved two experimental domains derived from the standard corpora for evaluation of computer network intrusion detection: the MIT Lincoln Laboratory DARPA dataset.