Multiple Self-Organizing Maps for Intrusion Detection

The Kohonen self-organizing map is an extremely powerful mechanism for automatic mathematical characterization of acceptable system activity. Because it spontaneously develops a sophisticated characterization of the system whose behaviors it is trained to recognize, it could detect intrusions which it has never observed simply by noting the degree to which they differ from normal activity. After discussing the design of a network monitoring system which would maximize the potential of the self-organizing map, we describe briefly our experimental results in which a simpler system resoundingly detected two different exploits which we perpetrated against one of our servers.
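
The detection principle described above, as an added example that is not code from the paper: a small Kohonen map is trained on normal activity only, and a sample is flagged when its distance to the closest map unit (its quantization error) is far above anything seen in training. The three features, the constructed traffic, the map size and the 1.5x threshold rule are all assumptions made for illustration.

```python
import math
import random

def constructed_normal_traffic(n=200, seed=1):
    """Constructed sample data: 3 assumed features per connection, scaled to [0, 1]."""
    rng = random.Random(seed)
    centers = [(0.2, 0.3, 0.1), (0.6, 0.5, 0.2)]  # two kinds of ordinary activity
    return [[rng.gauss(m, 0.03) for m in centers[i % 2]] for i in range(n)]

def train_som(samples, rows=4, cols=4, epochs=30, seed=7):
    """Train a rows x cols Kohonen map; returns {(row, col): weight vector}."""
    rng = random.Random(seed)
    dim = len(samples[0])
    som = {(r, c): [rng.random() for _ in range(dim)]
           for r in range(rows) for c in range(cols)}
    total, step = epochs * len(samples), 0
    for _ in range(epochs):
        for x in rng.sample(samples, len(samples)):
            decay = 1.0 - step / total
            rate = 0.01 + 0.5 * decay                    # learning rate shrinks
            radius = 0.5 + max(rows, cols) / 2 * decay   # neighbourhood shrinks
            bmu = min(som, key=lambda k: math.dist(som[k], x))  # best-matching unit
            for (r, c), w in som.items():
                grid_d2 = (r - bmu[0]) ** 2 + (c - bmu[1]) ** 2
                pull = rate * math.exp(-grid_d2 / (2 * radius ** 2))
                for i in range(dim):
                    w[i] += pull * (x[i] - w[i])
            step += 1
    return som

def quantization_error(som, x):
    """Distance from x to the closest map unit: how far x is from learned normal."""
    return min(math.dist(w, x) for w in som.values())

def fit_threshold(som, samples, margin=1.5):
    """Assumed rule: flag anything worse than margin x the worst training error."""
    return margin * max(quantization_error(som, x) for x in samples)

def is_anomalous(som, threshold, x):
    return quantization_error(som, x) > threshold

if __name__ == "__main__":
    normal = constructed_normal_traffic()
    som = train_som(normal)
    limit = fit_threshold(som, normal)
    for label, x in [("normal", [0.2, 0.3, 0.1]), ("unseen", [0.95, 0.05, 0.95])]:
        print(label, round(quantization_error(som, x), 3), is_anomalous(som, limit, x))
```

The map never sees the second sample during training; it is flagged only because it lies far from every unit the map learned from normal activity.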
