Identification of anomalous SNMP situations using a cooperative connectionist exploratory projection pursuit model

Authors:
Álvaro Herrero;Emilio Corchado;José Manuel Sáiz
Affiliations:
Department of Civil Engineering, University of Burgos, Spain;Department of Civil Engineering, University of Burgos, Spain;Department of Civil Engineering, University of Burgos, Spain
Venue:
IDEAL'05 Proceedings of the 6th international conference on Intelligent Data Engineering and Automated Learning
Year:
2005

Citing 12
Cited 2

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A Neural Network for PCA and Beyond

Neural Processing Letters
The grid: blueprint for a new computing infrastructure

The grid: blueprint for a new computing infrastructure
The rectified Gaussian distribution

NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
Identifying enterprise network vulnerabilities

International Journal of Network Management
Learning Program Behavior Profiles for Intrusion Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Computer Host-Based User Anomaly Detection System Using the Self-Organizing Map

IJCNN '00 Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN'00)-Volume 5 - Volume 5
Unsupervised learning techniques for an intrusion detection system

Proceedings of the 2004 ACM symposium on Applied computing
Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit

Data Mining and Knowledge Discovery
Complexity Pursuit: Separating Interesting Components from Time Series

Neural Computation
A Projection Pursuit Algorithm for Exploratory Data Analysis

IEEE Transactions on Computers
Towards a grid-wide intrusion detection system

EGC'05 Proceedings of the 2005 European conference on Advances in Grid Computing

Detecting compounded anomalous SNMP situations using cooperative unsupervised pattern recognition

ICANN'05 Proceedings of the 15th international conference on Artificial neural networks: formal models and their applications - Volume Part II
Testing CAB-IDS through mutations: on the identification of network scans

KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

Thework presented in this paper shows the capability of a connectionist model, based on a statistical technique called Exploratory Projection Pursuit (EPP), to identify anomalous situations related to the traffic which travels along a computer network. The main novelty of this research resides on the fact that the connectionist architecture used here has never been applied to the field of IDS (Intrusion Detection Systems) and network security. The IDS presented is used as a method to investigate the traffic which travels along the analysed network, detecting SNMP (Simple Network Management Protocol) anomalous traffic patterns. In this paper we have focused our attention on the study of two interesting and dangerous anomalous situations: a port sweep and a MIB (Management Information Base) information transfer. The presented IDS is a useful visualization tool for network administrators to study anomalous situations related to SNMP and decide if they are intrusions or not. To show the power of the method, we illustrate our research by using real intrusion detection scenario specific data sets.