Skip to main content
Springer Nature Link
Log in

A New GHSOM Model Applied to Network Security

  • Conference paper
Artificial Neural Networks - ICANN 2008 (ICANN 2008)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5163))

Included in the following conference series:

  • 2124 Accesses

Abstract

The self-organizing map (SOM) have shown to be successful for the analysis of high-dimensional input data as in data mining applications such as network security. However, the static architecture and the lack of representation of hierarchical relations are its main drawbacks. The growing hierarchical SOM (GHSOM) address these limitations of the SOM. The GHSOM is an artificial neural network model with hierarchical architecture composed of independent growing SOMs. One limitation of these neural networks is that they just take into account numerical data, even though symbolic data can be present in many real life problems. In this paper a new GHSOM model with a new metric incorporing both numerical and symbolic data is proposed. This new GHSOM model is proposed for detecting network intrusions. An intrusion detection system (IDS) monitors the IP packets flowing over the network to capture intrusions or anomalies. One of the techniques used for anomaly detection is building statical models using metrics derived from observation of the user’s actions. Randomly selected subsets that contains both attacks and normal records from the KDD Cup 1999 benchmark are used for training the proposed GHSOM. Experimental results are provided and compared to other hierarchical neural networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Kohonen, T.: Self-organized formation of topologically correct feature maps. Biological cybernetics 43(1), 59–69 (1982)

    Article  MATH  MathSciNet  Google Scholar 

  2. Rauber, A., Merkl, D., Dittenbach, M.: The growing hierarchical self-organizing map: Exploratory analysis of high-dimensional data. IEEE Transactions on Neural Networks 13(6), 1331–1341 (2002)

    Article  Google Scholar 

  3. Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., Hershkop, S., Zhang, J.: Real time data mining-based intrusion detection. In: DARPA Information Survivability Conference and Exposition II, vol. 1, pp. 89–100 (2001)

    Google Scholar 

  4. Maxion, R., Tan, K.: Anomaly detection in embedded systems. IEEE Transactions on Computers 51(2), 108–120 (2002)

    Article  Google Scholar 

  5. Tan, K., Maxion, R.: Determining the operational limits of an anomaly-based intrusion detector. IEEE Journal on Selected Areas in Communications 21(1), 96–110 (2003)

    Article  Google Scholar 

  6. Ying, H., Feng, T.J., Cao, J.K., Ding, X.Q., Zhou, Y.H.: Research on some problems in the kohonen som algorithm. In: International Conference on Machine Learning and Cybernetics, vol. 3, pp. 1279–1282 (2002)

    Google Scholar 

  7. Lee, W., Stolfo, S., Mok, K.: A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, pp. 120–132 (1999)

    Google Scholar 

  8. Stolfo, S., Fan, W., Lee, W., Prodromidis, A., Chan, P.: Cost-based modeling for fraud and intrusion detection: results from the jam project. In: DARPA Information Survivability Conference and Exposition, 2000, DISCEX 2000. Proceedings, vol. 2, pp. 130–144 (2000)

    Google Scholar 

  9. Sarasamma, S., Zhu, Q., Huff, J.: Hierarchical kohonenen net for anomaly detection in network security. IEEE Transactions on Systems Man and Cybernetics Part B-Cybernetics 35(2), 302–312 (2005)

    Article  Google Scholar 

  10. Fritzke, B.: Growing grid - a self-organizing network with constant neighborhood range and adaptation strength. Neural Processing Letters 2(5), 9–13 (1995)

    Article  Google Scholar 

  11. Dittenbach, M., Rauber, A., Merkl, D.: Recent advances with the growing hierarchical self-organizing map. In: 3rd Workshop on Self-Organising Maps (WSOM), pp. 140–145 (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science E.T.S.I.Informatica, University of Malaga, Campus Teatinos s/n, 29071, Malaga, Spain

    Esteban J. Palomo, Enrique Domínguez, Rafael Marcos Luque & José Muñoz

Authors
  1. Esteban J. Palomo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Enrique Domínguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rafael Marcos Luque
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. José Muñoz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Véra Kůrková Roman Neruda Jan Koutník

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Palomo, E.J., Domínguez, E., Luque, R.M., Muñoz, J. (2008). A New GHSOM Model Applied to Network Security. In: Kůrková, V., Neruda, R., Koutník, J. (eds) Artificial Neural Networks - ICANN 2008. ICANN 2008. Lecture Notes in Computer Science, vol 5163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87536-9_70

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-87536-9_70

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-87535-2

  • Online ISBN: 978-3-540-87536-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics