Skip to main content
Springer Nature Link
Log in

Network Security Using Growing Hierarchical Self-Organizing Maps

  • Conference paper
Adaptive and Natural Computing Algorithms (ICANNGA 2009)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5495))

Included in the following conference series:

  • 2169 Accesses

Abstract

This paper presents a hierarchical self-organizing neural network for intrusion detection. The proposed neural model consists of a hierarchical architecture composed of independent growing self-organizing maps (SOMs). The SOMs have shown to be successful for the analysis of high-dimensional input data as in data mining applications such as network security. An intrusion detection system (IDS) monitors the IP packets flowing over the network to capture intrusions or anomalies. One of the techniques used for anomaly detection is building statistical models using metrics derived from observation of the user’s actions. The proposed growing hierarchical SOM (GHSOM) address the limitations of the SOM related to their static architecture. Experimental results are provided by applying the well-known KDD Cup 1999 benchmark data set, which contains a great variety of simulated networks attacks. Randomly selected subsets that contain both attacks and normal records from this benchmark are used for training the GHSOM. Before training, a transformation for qualitative features present in the benchmark data set is proposed in order to compute distance among qualitative values. Comparative results with other related works are also provided.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Kohonen, T.: Self-organized formation of topologically correct feature maps. Biological cybernetics 43(1), 59–69 (1982)

    Article  MathSciNet  MATH  Google Scholar 

  2. Rauber, A., Merkl, D., Dittenbach, M.: The growing hierarchical self-organizing map: Exploratory analysis of high-dimensional data. IEEE Transactions on Neural Networks 13(6), 1331–1341 (2002)

    Article  MATH  Google Scholar 

  3. Lei, J., Ghorbani, A.: Network intrusion detection using an improved competitive learning neural network. In: 2nd Annual Conference on Communication Networks and Services Research, pp. 190–197 (2004)

    Google Scholar 

  4. Sarasamma, S., Zhu, Q., Huff, J.: Hierarchical kohonenen net for anomaly detection in network security. IEEE Transactions on Systems Man and Cybernetics Part B-Cybernetics 35(2), 302–312 (2005)

    Article  Google Scholar 

  5. Depren, O., Topallar, M., Anarim, E., Ciliz, M.: An intelligent intrusion detection system (ids) for anomaly and misuse detection in computer networks. Expert Systems with Applications 29(4), 713–722 (2005)

    Article  Google Scholar 

  6. Denning, D.: An intrusion-detection model. IEEE Transactions on Software Engineering SE-13(2), 222–232 (1987)

    Article  Google Scholar 

  7. Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., Hershkop, S., Zhang, J.: Real time data mining-based intrusion detection. In: DARPA Information Survivability Conference & Exposition II, vol. 1, pp. 89–100 (2001)

    Google Scholar 

  8. Maxion, R., Tan, K.: Anomaly detection in embedded systems. IEEE Transactions on Computers 51(2), 108–120 (2002)

    Article  Google Scholar 

  9. Tan, K., Maxion, R.: Determining the operational limits of an anomaly-based intrusion detector. IEEE Journal on Selected Areas in Communications 21(1), 96–110 (2003)

    Article  Google Scholar 

  10. Ying, H., Feng, T.J., Cao, J.K., Ding, X.Q., Zhou, Y.H.: Research on some problems in the kohonen som algorithm. In: International Conference on Machine Learning and Cybernetics, vol. 3, pp. 1279–1282 (2002)

    Google Scholar 

  11. Lee, W., Stolfo, S., Mok, K.: A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, pp. 120–132 (1999)

    Google Scholar 

  12. Stolfo, S., Fan, W., Lee, W., Prodromidis, A., Chan, P.: Cost-based modeling for fraud and intrusion detection: results from the jam project. In: Proceedings of DARPA Information Survivability Conference and Exposition, 2000. DISCEX 2000, vol. 2, pp. 130–144 (2000)

    Google Scholar 

  13. Alahakoon, D., Halgamuge, S., Srinivasan, B.: Dynamic self-organizing maps with controlled growth for knowledge discovery. IEEE Transactions on Neural Networks 11, 601–614 (2000)

    Article  Google Scholar 

  14. Dittenbach, M., Rauber, A., Merkl, D.: Recent advances with the growing hierarchical self-organizing map. In: 3rd Workshop on Self-Organising Maps (WSOM), pp. 140–145 (2001)

    Google Scholar 

  15. DeLooze, L., AF DeLooze, L.: Attack characterization and intrusion detection using an ensemble of self-organizing maps. In: 7th Annual IEEE Information Assurance Workshop, pp. 108–115 (2006)

    Google Scholar 

  16. Mitrokotsa, A., Douligeris, C.: Detecting denial of service attacks using emergent self-organizing maps. In: 5th IEEE International Symposium on Signal Processing and Information Technology, pp. 375–380 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science E.T.S.I.Informatica, University of Malaga, Campus Teatinos s/n, 29071, Malaga, Spain

    E. J. Palomo, E. Domínguez, R. M. Luque & J. Muñoz

Authors
  1. E. J. Palomo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. E. Domínguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. R. M. Luque
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. J. Muñoz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Environmental Sciences, University of Kuopio, PO Box 1627, FIN-70211, Kuopio, Finland

    Mikko Kolehmainen

  2. Department of Computer Science, University of Kuopio, P.O.Box 1627, 70211, Kuopio, Finland

    Pekka Toivanen

  3. Institute of Control and Industrial Electronics, Warsaw University of Technology, ul. Koszykowa 75, 00-662, Warszawa, Poland

    Bartlomiej Beliczynski

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Palomo, E.J., Domínguez, E., Luque, R.M., Muñoz, J. (2009). Network Security Using Growing Hierarchical Self-Organizing Maps. In: Kolehmainen, M., Toivanen, P., Beliczynski, B. (eds) Adaptive and Natural Computing Algorithms. ICANNGA 2009. Lecture Notes in Computer Science, vol 5495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04921-7_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04921-7_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04920-0

  • Online ISBN: 978-3-642-04921-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics