Intrusion detection at packet level by unsupervised architectures

Authors:
Álvaro Herrero;Emilio Corchado;Paolo Gastaldo;Davide Leoncini;Francesco Picasso;Rodolfo Zunino
Affiliations:
Department of Civil Engineering, University of Burgos, Burgos, Spain;Department of Civil Engineering, University of Burgos, Burgos, Spain;Dept. of Biophysical and Electronic Engineering, Genoa University, Genoa, Italy;Dept. of Biophysical and Electronic Engineering, Genoa University, Genoa, Italy;Dept. of Biophysical and Electronic Engineering, Genoa University, Genoa, Italy;Dept. of Biophysical and Electronic Engineering, Genoa University, Genoa, Italy
Venue:
IDEAL'07 Proceedings of the 8th international conference on Intelligent data engineering and automated learning
Year:
2007

Citing 10
Cited 0

Self-organizing maps

Self-organizing maps
Mining in a data-flow environment: experience in network intrusion detection

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Adaptive Intrusion Detection: A Data Mining Approach

Artificial Intelligence Review - Issues on the application of data mining
Information-Theoretic Measures for Anomaly Detection

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
An Anomaly Intrusion Detection System Based on Vector Quantization

IEICE - Transactions on Information and Systems
Detecting compounded anomalous SNMP situations using cooperative unsupervised pattern recognition

ICANN'05 Proceedings of the 15th international conference on Artificial neural networks: formal models and their applications - Volume Part II
Testing CAB-IDS through mutations: on the identification of network scans

KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
Learning intrusion detection: supervised or unsupervised?

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Analyzing TCP traffic patterns using self organizing maps

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Hierarchical Kohonenen net for anomaly detection in network security

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion Detection Systems (IDS's) monitor the traffic in computer networks for detecting suspect activities. Connectionist techniques can support the development of IDS's by modeling 'normal' traffic. This paper presents the application of some unsupervised neural methods to a packet dataset for the first time. This work considers three unsupervised neural methods, namely, Vector Quantization (VQ), Self-Organizing Maps (SOM) and Auto-Associative Back-Propagation (AABP) networks. The former paradigm proves quite powerful in supporting the basic space-spanning mechanism to sift normal traffic from anomalous traffic. The SOM attains quite acceptable results in dealing with some anomalies while it fails in dealing with some others. The AABP model effectively drives a nonlinear compression paradigm and eventually yields a compact visualization of the network traffic progression.