An intrusion detection system model based on self-organizing map

This system applies a self-organizing map (SOM) neural network and pattern recognition methods. A two-layered SOM network was designed, containing SOM1 and SOM2: SOM1 distinguishes attack patterns from normal ones, and SOM2 identifies the specific type of attack. The KDD benchmark dataset from the International Knowledge Discovery and Data Mining Tools Competition was used to train and test our prototype, and divergences were calculated for feature selection. Finally, 4 chief features were employed as input to the two SOMs. In our experiments with different network data, our scheme achieved a detection rate of more than 98 percent and a false alarm rate of less than 2 percent; it could provide a precise and efficient way of implementing the classifier in intrusion detection.
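
The two-stage arrangement described above, as an added example that is not the paper's code. The 1-D maps, their sizes and training schedule, the majority-vote unit labelling and the constructed four-feature samples are all assumptions; the page does not name the four selected features.

```python
import math, random
from collections import Counter

class SOM:
    """1-D self-organizing map; units labelled by majority vote (assumed design)."""
    def __init__(self, data, labels, units, epochs=40, seed=1):
        rng = random.Random(seed)
        step = len(data) // units
        self.w = [list(data[i * step]) for i in range(units)]  # init from spaced samples
        for e in range(epochs):
            frac = 1 - e / epochs
            lr, sigma = 0.5 * frac, 0.1 + 0.7 * frac  # decaying rate and neighbourhood
            for x in rng.sample(data, len(data)):
                b = self.bmu(x)
                for i, w in enumerate(self.w):
                    h = lr * math.exp(-((i - b) ** 2) / (2 * sigma ** 2))
                    self.w[i] = [wj + h * (xj - wj) for wj, xj in zip(w, x)]
        votes = [Counter() for _ in self.w]
        for x, y in zip(data, labels):
            votes[self.bmu(x)][y] += 1
        # Units that won no training sample stay unlabelled (None).
        self.label = [v.most_common(1)[0][0] if v else None for v in votes]

    def bmu(self, x, only_labelled=False):
        """Best-matching unit: index with the smallest squared distance to x."""
        idx = [i for i in range(len(self.w)) if not only_labelled or self.label[i]]
        return min(idx, key=lambda i: sum((a - b) ** 2 for a, b in zip(self.w[i], x)))

    def predict(self, x):
        return self.label[self.bmu(x, only_labelled=True)]

# Constructed sample data: four features scaled to [0, 1]; these are not KDD records.
CENTERS = {"normal": (0.1, 0.1, 0.1, 0.1), "dos": (0.9, 0.9, 0.1, 0.1),
           "probe": (0.1, 0.9, 0.9, 0.1)}

def make_samples(n=30, seed=7):
    rng = random.Random(seed)
    return [([c + rng.uniform(-0.05, 0.05) for c in ctr], name)
            for name, ctr in CENTERS.items() for _ in range(n)]

def train_cascade(samples):
    binary = ["normal" if y == "normal" else "attack" for _, y in samples]
    som1 = SOM([x for x, _ in samples], binary, units=4)
    att = [s for s in samples if s[1] != "normal"]  # SOM2 sees attack records only
    som2 = SOM([x for x, _ in att], [y for _, y in att], units=3)
    return som1, som2

def classify(som1, som2, x):
    """SOM1 separates normal from attack; SOM2 names the attack type."""
    return "normal" if som1.predict(x) == "normal" else som2.predict(x)
```

Call `train_cascade(make_samples())` and pass the two maps to `classify` with a four-element feature vector.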
