Analyzing TCP traffic patterns using self organizing maps

Authors:
Stefano Zanero
Affiliations:
D.E.I.-Politecnico di Milano, Milano, Italy
Venue:
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Year:
2005

Citing 8
Cited 10

On-line unsupervised outlier detection using finite mixtures with discounting learning algorithms

Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Clustering Algorithms

Clustering Algorithms
Self-Organizing Maps

Self-Organizing Maps
Parzen-Window Network Intrusion Detectors

ICPR '02 Proceedings of the 16 th International Conference on Pattern Recognition (ICPR'02) Volume 4 - Volume 4
Detection and classification of TCP/IP network services

ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Learning Rules for Anomaly Detection of Hostile Network Traffic

ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Unsupervised learning techniques for an intrusion detection system

Proceedings of the 2004 ACM symposium on Applied computing

ULISSE, a network intrusion detection system

Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Integrating Partial Models of Network Normality via Cooperative Negotiation: An Approach to Development of Multiagent Intrusion Detection Systems

WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 02
Reducing false positives in anomaly detectors through fuzzy alert aggregation

Information Fusion
Review: The use of computational intelligence in intrusion detection systems: A review

Applied Soft Computing
Protecting a Moving Target: Addressing Web Application Concept Drift

RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
A comparison of neural projection techniques applied to intrusion detection systems

IWANN'07 Proceedings of the 9th international work conference on Artificial neural networks
On the use of different statistical tests for alert correlation: short paper

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Intrusion detection at packet level by unsupervised architectures

IDEAL'07 Proceedings of the 8th international conference on Intelligent data engineering and automated learning
Towards self-organizing maps based computational intelligent system for denial of service attacks detection

INES'10 Proceedings of the 14th international conference on Intelligent engineering systems
Automatically building datasets of labeled IP traffic traces: A self-training approach

Applied Soft Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The continuous evolution of the attacks against computer networks has given renewed strength to research on anomaly based Intrusion Detection Systems, capable of automatically detecting anomalous deviations in the behavior of a computer system. While data mining and learning techniques have been successfully applied in host-based intrusion detection, network-based applications are more difficult, for a variety of reasons, the first being the curse of dimensionality. We have proposed a novel architecture which implements a network-based anomaly detection system using unsupervised learning algorithms. In this paper we describe how the pattern recognition features of a Self Organizing Map algorithm can be used for Intrusion Detection purposes on the payload of TCP network packets.