High Resolution SOM Approach to Improving Anomaly Detection in Intrusion Detection Systems

  • Conference paper
AI 2016: Advances in Artificial Intelligence (AI 2016)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 9992)

Abstract

Machine learning in general and artificial neural networks in particular are commonly used to address the problem of detecting anomalies in intrusion detection systems. Self-Organizing Maps (SOMs) have been shown to be a promising tool for this purpose, but the limitation of the cardinality of their display space has resulted in SOMs being a black box method and impeded the design of a simpler network architecture. High resolution SOMs are a very recent development that can overcome these problems. This paper explores how high resolution SOMs can help with anomaly detection in intrusion detection systems. Experiments on a large and well established benchmark problem show that high resolution SOMs improve results while allowing a simple network architecture. It is also shown that high resolution SOMs allow the development of better understanding of the results and the problem domain.

Author information

Corresponding author

Correspondence to Ayu Saraswati.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Saraswati, A., Hagenbuchner, M., Zhou, Z.Q. (2016). High Resolution SOM Approach to Improving Anomaly Detection in Intrusion Detection Systems. In: Kang, B.H., Bai, Q. (eds) AI 2016: Advances in Artificial Intelligence. AI 2016. Lecture Notes in Computer Science, vol 9992. Springer, Cham. https://doi.org/10.1007/978-3-319-50127-7_16

  • DOI: https://doi.org/10.1007/978-3-319-50127-7_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50126-0

  • Online ISBN: 978-3-319-50127-7

  • eBook Packages: Computer Science, Computer Science (R0)
