High Resolution SOM Approach to Improving Anomaly Detection in Intrusion Detection Systems

Machine learning in general and artificial neural networks in particular are commonly used to address the problem of detecting anomalies in intrusion detection systems. Self-Organizing Maps (SOMs) have been shown to be a promising tool for this purpose, but the limitation of the cardinality of their display space has resulted in SOMs being a black box method and impeded the design of a simpler network architecture. High resolution SOMs are a very recent development that can overcome these problems. This paper explores how high resolution SOMs can help with anomaly detection in intrusion detection systems. Experiments on a large and well-established benchmark problem show that high resolution SOMs improve results while allowing a simple network architecture. It is also shown that high resolution SOMs allow the development of a better understanding of the results and the problem domain.
