Abstract
Unlike host-based anomaly detection, network-based anomaly detection must cope with a huge volume of network traffic, which requires more efficient machine learning algorithms. In this paper, a more efficient detection framework is proposed, based on the SOFM algorithm with a fast nearest-neighbor search strategy, to detect attacks. We apply the detection framework to the DARPA Intrusion Detection Evaluation Dataset. The results show that network attacks are detected with relatively low false alarms and greater efficiency. The performance of the anomaly detection model is greatly improved.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zheng, J., Hu, M., Fang, B., Zhang, H. (2004). Anomaly Detection Using Fast SOFM. In: Jin, H., Pan, Y., Xiao, N., Sun, J. (eds) Grid and Cooperative Computing - GCC 2004 Workshops. GCC 2004. Lecture Notes in Computer Science, vol 3252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30207-0_66
DOI: https://doi.org/10.1007/978-3-540-30207-0_66
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23578-1
Online ISBN: 978-3-540-30207-0
eBook Packages: Springer Book Archive