A New Algorithm Combining Self Organizing Map with Simulated Annealing Used in Intrusion Detection

Clustering with a Self Organizing Map (SOM) is consistently effective in intrusion detection systems (IDS). However, the SOM algorithm still has limitations: it easily falls into local minima, its detection accuracy is low, and its convergence is slow. In this paper, to improve accuracy and convergence rate, we use the Simulated Annealing (SA) algorithm to refine the weights of the SOM. SA searches for the optimal point probabilistically, and it has been proved that, given enough time, SA is certain to find the optimal point. The algorithm has two steps: first, train on the samples with the traditional SOM algorithm; second, adjust the weights of the excited neuron and its neighborhood with the SA algorithm. Simulation results show that this approach performs more effectively.
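The two steps described in the abstract, as an added example in pure Python that is not the paper's implementation. The 1-D map, the quantization error used as SA energy, Gaussian perturbations, Metropolis acceptance with geometric cooling, the BMU-distance anomaly score, and the sample data are all assumptions; the abstract specifies none of them.

```python
import math, random

def bmu(w, x):  # index of the excited (best-matching) neuron for sample x
    return min(range(len(w)), key=lambda i: math.dist(w[i], x))

def quant_error(w, data):
    # Mean sample-to-BMU distance; used as the SA energy (assumption).
    return sum(math.dist(w[bmu(w, x)], x) for x in data) / len(data)

def train_som(data, n, epochs, rng):
    # Step 1: classic 1-D SOM; learning rate and radius decay per epoch.
    w = [list(rng.choice(data)) for _ in range(n)]
    for e in range(epochs):
        frac = 1 - e / epochs
        lr, radius = 0.5 * frac, max(1.0, n / 2 * frac)
        for x in rng.sample(data, len(data)):
            b = bmu(w, x)
            for i in range(n):
                h = math.exp(-((i - b) ** 2) / (2 * radius ** 2))
                w[i] = [wi + lr * h * (xi - wi) for wi, xi in zip(w[i], x)]
    return w

def sa_refine(w, data, rng, t=0.02, cooling=0.97, steps=150):
    # Step 2: perturb excited neuron and neighbours, Metropolis accept, keep best.
    cur, e_cur = [r[:] for r in w], quant_error(w, data)
    best, e_best = cur, e_cur
    for _ in range(steps):
        b = bmu(cur, rng.choice(data))
        cand = [r[:] for r in cur]
        for i in range(max(0, b - 1), min(len(cand), b + 2)):
            cand[i] = [v + rng.gauss(0, t) for v in cand[i]]
        e_new = quant_error(cand, data)
        if e_new < e_cur or rng.random() < math.exp((e_cur - e_new) / t):
            cur, e_cur = cand, e_new
            if e_cur < e_best:
                best, e_best = cur, e_cur
        t *= cooling
    return best

def demo(seed=7):
    rng = random.Random(seed)
    # Constructed "normal" traffic: two clusters of scaled 2-D features.
    data = [(cx + rng.uniform(-.05, .05), cy + rng.uniform(-.05, .05))
            for cx, cy in [(0.2, 0.2), (0.7, 0.6)] for _ in range(20)]
    som = train_som(data, 4, 30, rng)
    w = sa_refine(som, data, rng)
    score = lambda x: math.dist(w[bmu(w, x)], x)  # anomaly score (assumption)
    flagged = score((0.95, 0.05)) > max(map(score, data))  # constructed outlier
    return quant_error(som, data), quant_error(w, data), flagged
```

`demo()` returns the quantization error before and after the SA step and whether the constructed outlier scores above every training sample. Because `sa_refine` returns the best state seen rather than the final one, the refined error can never exceed the SOM-only error.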
