Multiple Self-Organizing Maps for Intrusion Detection
Event Location / Date(s)
Baltimore, MD / 2000
Conference Name / Publication Title
Proceedings of the 23rd National Information Systems Security Conference
While many techniques have been explored for detecting intrusive or abnormal behavior on computer systems, approaches that involve pattern matching, expert systems, and traditional neural networks require detectors to either be crafted by hand or trained upon examples of known intrusions. We argue that neural networks capable of unsupervised learning can provide a powerful supplement to these techniques. After learning the characteristics of normal traffic or user behavior, these networks can identify abnormalities without relying on expectations of what abuse will look like. This paper analyzes the potential of the Kohonen self-organizing map to narrow the envelope of intrusive behaviors that would not be caught by a detection system.
Cannady, James D. Jr.; Rhodes, Brandon Craig; and Mahaffey, James A., "Multiple Self-Organizing Maps for Intrusion Detection" (2000). CEC Faculty Proceedings, Presentations, Speeches and Lectures. 560.