A hierarchical SOM-based intrusion detection system

@article{Kayacik2007AHS,
  title={A hierarchical SOM-based intrusion detection system},
  author={Hilmi G{\"u}nes Kayacik and Ayse Nur Zincir-Heywood and Malcolm I. Heywood},
  journal={Eng. Appl. Artif. Intell.},
  year={2007},
  volume={20},
  pages={439-451}
}
A Survey on the Development of Self-Organizing Maps for Unsupervised Intrusion Detection
TLDR
By comparing with the two SOM-based intrusion detection systems, the overall goal of this survey is to comprehensively compare the primitive components and properties of SOM-based intrusion detection.
Hybrid Classification Approach Using Self-Organizing Map and Back Propagation Artificial Neural Networks for Intrusion Detection
TLDR
From the study and the results obtained, it can be concluded that the combination of the multi-tier classification approach has improved the detection rate of the IDS.
A Novel Soft Computing Inference Engine Model for Intrusion Detection
TLDR
A novel soft computing inference engine model for intrusion detection that utilizes causal knowledge inference based fuzzy cognitive maps (FCM) and multiple self organizing maps (SOM) to reduce the number of suspicious neurons.
High Resolution SOM Approach to Improving Anomaly Detection in Intrusion Detection Systems
TLDR
Experiments on a large and well established benchmark problem show that high resolution SOMs improve results while allowing a simple network architecture and allow the development of better understanding of the results and the problem domain.
Intrusion Detection System using Self Organizing Map: A Survey
TLDR
This survey is beneficial for designing and developing efficient SOM-based IDS with less computation time and a better detection rate; HSOM and GHSOM are advanced models of SOM, each with its own unique features for better IDS performance.
Feature Construction Scheme for Efficient Intrusion Detection System
TLDR
A statistical feature construction scheme is proposed in which factor analysis is orthogonally combined with an optimized k-means clustering technique to exclude the redundancy of features optimally via the consideration of the similarity of feature responses through a clustering analysis based on the feature space reduced in a factor analysis.
Intrusion detection based on k-means clustering and OneR classification
TLDR
The proposed approach, KM+1R, combines the k-means clustering with the OneR classification technique and shows better results, particularly in reducing the false alarm.
A Hybrid Methodologies for Intrusion Detection Based Deep Neural Network with Support Vector Machine and Clustering Technique
TLDR
The experimental results show that the KDSVM not only performs better than SVM, BPNN, DBN-SVM and Bayes tree models in terms of detection accuracy and abnormal types of attacks found, but also provides an effective tool for the study and analysis of intrusion detection in the large network.

References

SHOWING 1-10 OF 28 REFERENCES
On the capability of an SOM based intrusion detection system
TLDR
An approach to network intrusion detection is investigated, based purely on a hierarchy of Self-Organizing Feature Maps, which is capable of detection (false positive) rates of 89% and is at least as good as the alternative data-mining approaches that require all 41 features.
Hierarchical Kohonenen net for anomaly detection in network security
TLDR
A novel multilevel hierarchical Kohonen Net for an intrusion detection system in which each layer operates on a small subset of the feature space is superior to a single-layer K-Map operating on the whole feature space in detecting a variety of attacks in terms of detection rate as well as false positive rate.
Detecting Anomalous Network Traffic with Self-organizing Maps
TLDR
The Anomalous Network-Traffic Detection with Self Organizing Maps (ANDSOM) module for INBOUNDS detects anomalous network traffic based on the Self-Organizing Map algorithm.
A data mining framework for building intrusion detection models
  • Wenke Lee, S. Stolfo, K. Mok
  • Computer Science
    Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)
  • 1999
TLDR
A data mining framework for adaptively building Intrusion Detection (ID) models is described, to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities.
Host-based intrusion detection using self-organizing maps
TLDR
Hierarchical SOMs are applied to the problem of host based intrusion detection on computer networks and specific recommendations are made regarding the representation of time, network parameters and SOM architecture.
Multiple Self-Organizing Maps for Intrusion Detection
TLDR
After discussing the design of a network monitoring system which would maximize the potential of the self-organizing map, the experimental results in which a simpler system resoundingly detected two different exploits which the authors perpetrated against one of their servers are described.
The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data
TLDR
The motivation was to provide a model that adapts its architecture during its unsupervised training process according to the particular requirements of the input data, and by providing a global orientation of the independently growing maps in the individual layers of the hierarchy, navigation across branches is facilitated.
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory
TLDR
The purpose of this article is to attempt to identify the shortcomings of the Lincoln Lab effort in the hope that future efforts of this kind will be placed on a sounder footing.
Fingerprint classification through self-organizing feature maps modified to treat uncertainties
TLDR
The results show that a network that is trained with a sufficiently large and representative set of samples can be used as an indexing mechanism for a fingerprint database, so that it does not need to be retrained for each fingerprint added to the database.
Self organization of a massive document collection
TLDR
A system that is able to organize vast document collections according to textual similarities based on the self-organizing map (SOM) algorithm, based on 500-dimensional vectors of stochastic figures obtained as random projections of weighted word histograms.