Lecture notes in computer science, 2003, p.36-54
2003
Details
- Autor(en) / Beteiligte
- Titel
- Detecting Anomalous Network Traffic with Self-organizing Maps
- Ist Teil von
- Lecture notes in computer science, 2003, p.36-54
- Ort / Verlag
- Berlin, Heidelberg: Springer Berlin Heidelberg
- Erscheinungsjahr
- 2003
- Link zum Volltext
- Quelle
- Alma/SFX Local Collection
- Beschreibungen/Notizen
- Integrated Network-Based Ohio University Network Detective Service (INBOUNDS) is a network based intrusion detection system being developed at Ohio University. The Anomalous Network-Traffic Detection with Self Organizing Maps (ANDSOM) module for INBOUNDS detects anomalous network traffic based on the Self-Organizing Map algorithm. Each network connection is characterized by six parameters and specified as a six-dimensional vector. The ANDSOM module creates a Self-Organizing Map (SOM) having a two-dimensional lattice of neurons for each network service. During the training phase, normal network traffic is fed to the ANDSOM module, and the neurons in the SOM are trained to capture its characteristic patterns. During real-time operation, a network connection is fed to its respective SOM, and a “winner” is selected by finding the neuron that is closest in distance to it. The network connection is then classified as an intrusion if this distance is more than a pre-set threshold.
- Sprache
- Englisch
- Identifikatoren
- ISBN: 3540408789, 9783540408789ISSN: 0302-9743eISSN: 1611-3349DOI: 10.1007/978-3-540-45248-5_3Titel-ID: cdi_pascalfrancis_primary_15690768
- Format
- –
- Schlagworte
- Anomaly Detection, Applied sciences, Computer science, control theory, systems, Computer systems and distributed systems. User interface, Exact sciences and technology, Intrusion Detection, Memory and file management (including protection and security), Memory organisation. Data processing, Self-Organizing Maps, Software