Network Anomaly Detection with Bayesian Self-Organizing Maps

  • Conference paper
Advances in Computational Intelligence (IWANN 2013)

Abstract

The growth of the Internet and, consequently, of the number of computers interconnected through a shared medium has exposed a great deal of relevant information to intruders and attackers. Firewalls aim to detect violations of a predefined rule set and usually block potentially dangerous incoming traffic. However, as attack techniques evolve, it becomes more difficult to distinguish anomalies from normal traffic. Different intrusion detection approaches have been proposed, including the use of artificial intelligence techniques such as neural networks. In this paper, we present a network anomaly detection technique based on Probabilistic Self-Organizing Maps (PSOM) to differentiate between normal and anomalous traffic. The detection capabilities of the proposed system can be modified without retraining the map, only by modifying the activation probabilities of the units. This addresses the need for fast implementations of Intrusion Detection Systems (IDS) necessary to cope with current link bandwidths.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

de la Hoz Franco, E., Ortiz García, A., Ortega Lopera, J., de la Hoz Correa, E., Prieto Espinosa, A. (2013). Network Anomaly Detection with Bayesian Self-Organizing Maps. In: Rojas, I., Joya, G., Gabestany, J. (eds) Advances in Computational Intelligence. IWANN 2013. Lecture Notes in Computer Science, vol 7902. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38679-4_53

  • DOI: https://doi.org/10.1007/978-3-642-38679-4_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38678-7

  • Online ISBN: 978-3-642-38679-4

  • eBook Packages: Computer Science (R0)