Intrusion detection systems and multisensor data fusion
Communications of the ACM
ACM Transactions on Information and System Security (TISSEC)
Results of the KDD'99 classifier learning
ACM SIGKDD Explorations Newsletter
Winning the KDD99 classification cup: bagged boosting
ACM SIGKDD Explorations Newsletter
KDD-99 classifier learning contest LLSoft's results overview
ACM SIGKDD Explorations Newsletter
Hierarchical Kohonenen net for anomaly detection in network security
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Self organization of a massive document collection
IEEE Transactions on Neural Networks
The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data
IEEE Transactions on Neural Networks
Application of the ANNA neural network chip to high-speed character recognition
IEEE Transactions on Neural Networks
A triangle area based nearest neighbors approach to intrusion detection
Pattern Recognition
Review: Intrusion detection by machine learning: A review
Expert Systems with Applications: An International Journal
Review: The use of computational intelligence in intrusion detection systems: A review
Applied Soft Computing
Study of neural network technologies in intrusion detection systems
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Filtering intrusion detection alarms
Cluster Computing
Topology preserving SOM with transductive confidence machine
DS'10 Proceedings of the 13th international conference on Discovery science
An Optimum-Path Forest framework for intrusion detection in computer networks
Engineering Applications of Artificial Intelligence
A-GHSOM: An adaptive growing hierarchical self organizing map for network anomaly detection
Journal of Parallel and Distributed Computing
Engineering Applications of Artificial Intelligence
| Hi-index | 0.00 |
Purely based on a hierarchy of self-organizing feature maps (SOMs), an approach to network intrusion detection is investigated. Our principle interest is to establish just how far such an approach can be taken in practice. To do so, the KDD benchmark data set from the International Knowledge Discovery and Data Mining Tools Competition is employed. Extensive analysis is conducted in order to assess the significance of the features employed, the partitioning of training data and the complexity of the architecture. Contributions that follow from such a holistic evaluation of the SOM include recognizing that (1) best performance is achieved using a two-layer SOM hierarchy, based on all 41-features from the KDD data set. (2) Only 40% of the original training data is sufficient for training purposes. (3) The 'Protocol' feature provides the basis for a switching parameter, thus supporting modular solutions to the detection problem. The ensuing detector provides false positive and detection rates of 1.38% and 90.4% under test conditions; where this represents the best performance to date of a detector based on an unsupervised learning algorithm.