The growing hierarchical self-organizing map (GHSOM) has been shown to be an effective technique to facilitate anomaly detection. However, existing approaches based on GHSOM are not able to adapt online to the ever-changing anomaly detection. This results in low accuracy in identifying intrusions, particularly "unknown" attacks. In this paper, we propose an adaptive GHSOM-based approach (A-GHSOM) to network anomaly detection. It consists of four significant enhancements: enhanced threshold-based training, dynamic input normalization, feedback-based quantization error threshold adaptation, and prediction confidence filtering and forwarding. We first evaluate the A-GHSOM approach for intrusion detection using the KDD'99 dataset. Extensive experimental results demonstrate that, compared with eight representative intrusion detection approaches, A-GHSOM achieves significant overall accuracy improvement and significant improvement in identifying "unknown" attacks while maintaining low false-positive rates. It achieves an overall accuracy of 99.63%, and 94.04% accuracy in identifying "unknown" attacks, while the false-positive rate is 1.8%. To avoid drawing research results and conclusions solely based on experiments with the KDD dataset, we have also built a dataset (TD-Sim) that consists of a mixture of live trace data from the Lawrence Berkeley National Laboratory and simulated traffic based on our testbed network, ensuring adequate coverage of a variety of attacks. Performance evaluation with the TD-Sim dataset shows that A-GHSOM adapts to live traffic and achieves an overall accuracy rate of 97.12% while maintaining a false-positive rate of 2.6%.