IWANN'11 Proceedings of the 11th international conference on Artificial neural networks conference on Advances in computational intelligence - Volume Part I
This paper presents a hierarchical self-organizing neural network for intrusion detection. The proposed neural model consists of a hierarchical architecture composed of independent growing self-organizing maps (SOMs). SOMs have been shown to be successful for the analysis of high-dimensional input data in data mining applications such as network security. An intrusion detection system (IDS) monitors the IP packets flowing over the network to capture intrusions or anomalies. One of the techniques used for anomaly detection is building statistical models using metrics derived from observation of the user's actions. The proposed growing hierarchical SOM (GHSOM) addresses the limitations of the SOM related to its static architecture. Experimental results are provided using the well-known KDD Cup 1999 benchmark data set, which contains a great variety of simulated network attacks. Randomly selected subsets of this benchmark that contain both attacks and normal records are used for training the GHSOM. Before training, a transformation for the qualitative features present in the benchmark data set is proposed in order to compute distances among qualitative values. Comparative results with other related works are also provided.