CCE Faculty Proceedings, Presentations, Speeches and Lectures

Multiple Self-Organizing Maps for Intrusion Detection

Event Name/Location

Baltimore, MD / 2000

Presentation Date

10-2000

Document Type

Conference Proceeding

Proceedings Title

Proceedings of the 23rd National Information Systems Security Conference

Description

While many techniques have been explored for detecting intrusive or abnormal behavior on computer systems, approaches that involve pattern matching, expert systems, and traditional neural networks require detectors to either be crafted by hand or trained upon examples of known intrusions. We argue that neural networks capable of unsupervised learning can provide a powerful supplement to these techniques. After learning the characteristics of normal traffic or user behavior, these networks can identify abnormalities without relying on expectations of what abuse will look like. This paper analyzes the potential of the Kohonen self-organizing map to narrow the envelope of intrusive behaviors that would not be caught by a detection system.

This document is currently not available here.

Share

COinS