Using Improved GHSOM for Intrusion Detection

Self-organizing Maps (SOM) have been shown to be successful for intrusion detection. However, the static architecture and the lack of representation of hierarchical relations often results in low detection rates. The Growing Hierarchical SOM (GHSOM) addresses these limitations of SOM. In this paper, in order to obtain higher detection rate and improve the stability of intrusion detection, some improvements on GHSOM algorithm are made: (1) we introduce a new metric that includes both numerical and symbolic data as input patterns. (2) by using Tension and Mapping Ratio (TMR) instead of parameter τ1, the growth of a map is automatically controlled. This improved GHSOM is implemented and applied to intrusion detection. The validity of this approach is confirmed through experiments on KDD Cup 99 datasets. Our experimental results show that the detection rate has been increased by employing the improved GHSOM compared to the original SOM and GHSOM.

[1]  Min Xia,et al.  Research on Intrusion Detection Based on an Improved SOM Neural Network , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[2]  Shawn Ostermann,et al.  Detecting Anomalous Network Traffic with Self-organizing Maps , 2003, RAID.

[3]  Gerhard Widmer,et al.  A new approach to hierarchical clustering and structuring of data with Self-Organizing Maps , 2004, Intell. Data Anal..

[4]  José Muñoz,et al.  An Intrusion Detection System Based on Hierarchical Self-Organization , 2008, CISIS.

[5]  Emin Anarim,et al.  An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks , 2005, Expert Syst. Appl..

[6]  Teuvo Kohonen,et al.  Self-Organizing Maps , 2010 .

[7]  José Muñoz,et al.  A New GHSOM Model Applied to Network Security , 2008, ICANN.

[8]  Yi-Chung Hu,et al.  Grey self-organizing feature maps , 2002, Neurocomputing.

[9]  Nashat Mansour,et al.  Growing Hierarchical Self-Organizing Map for Filtering Intrusion Detection Alarms , 2008, 2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008).

[10]  Michael Georgiopoulos,et al.  Using self-organizing maps to learn geometric hash functions for model-based object recognition , 1998, IEEE Trans. Neural Networks.

[11]  Risto Miikkulainen,et al.  Intrusion Detection with Neural Networks , 1997, NIPS.

[12]  Andreas Rauber,et al.  The growing hierarchical self-organizing map , 2000, Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks. IJCNN 2000. Neural Computing: New Challenges and Perspectives for the New Millennium.

[13]  Y. Wang,et al.  Model of Network Intrusion Detection System based on BP Algorithm , 2006, 2006 1ST IEEE Conference on Industrial Electronics and Applications.

[14]  Vladimir A. Golovko,et al.  Joint Conference on Neural Networks , Orlando , Florida , USA , August 12-17 , 2007 Dimensionality Reduction and Attack Recognition using Neural Network Approaches , 2007 .

[15]  Bernhard Sick,et al.  Evolutionary optimization of radial basis function networks for intrusion detection , 2003, Proceedings of the International Joint Conference on Neural Networks, 2003..

[16]  Andrew H. Sung,et al.  Intrusion detection using neural networks and support vector machines , 2002, Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290).

[17]  Andreas Rauber,et al.  The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data , 2002, IEEE Trans. Neural Networks.

[18]  Philippe Leray,et al.  Growing Hierarchical Self-Organizing Map for Alarm Filtering in Network Intrusion Detection Systems , 2007 .

[19]  Stefan Axelsson,et al.  Intrusion Detection Systems: A Survey and Taxonomy , 2002 .