CEC Faculty Proceedings, Presentations, Speeches and Lectures


Multiple Self-Organizing Maps for Intrusion Detection

Event Location / Date(s)

Baltimore, MD / 2000

Document Type

Conference Proceeding

Presentation Date


Conference Name / Publication Title

Proceedings of the 23rd National Information Systems Security Conference


While many techniques have been explored for detecting intrusive or abnormal behavior on computer systems, approaches that involve pattern matching, expert systems, and traditional neural networks require detectors to either be crafted by hand or trained upon examples of known intrusions. We argue that neural networks capable of unsupervised learning can provide a powerful supplement to these techniques. After learning the characteristics of normal traffic or user behavior, these networks can identify abnormalities without relying on expectations of what abuse will look like. This paper analyzes the potential of the Kohonen self-organizing map to narrow the envelope of intrusive behaviors that would not be caught by a detection system.

This document is currently not available here.