Implementation of an intrusion detection system based on self organizing map

Authors:
De-La-Hoz-Franco, Emiro
Ortiz García, Andrés
Ortega Lopera, Julio
De La Hoz Correa, Eduardo Miguel
Mendoza Palechor, Fabio Enrique
Resource type:
Journal article
Publication date:
2015
Institution:
Corporación Universidad de la Costa
Repository:
REDICUC - Repositorio CUC
Language:
eng
OAI Identifier:
oai:repositorio.cuc.edu.co:11323/3253
Online access:
https://hdl.handle.net/11323/3253
https://repositorio.cuc.edu.co/
Keywords:
Intrusion detection system – IDS
Self-organizing map – SOM
Fisher’s discriminant rate – FDR
Gaussian mixture model (GMM)
Dataset NSL-KDD
Rights
openAccess
License
http://creativecommons.org/licenses/by-nc-sa/4.0/
Description
Summary: The main purpose of this study is to identify a methodology for validating the effectiveness of an Intrusion Detection System proposed in three phases (selection, training and classification), using FDR for feature selection and Self-Organizing Maps for training and classification. The first four sections therefore cover introductory basics: the input dataset, the intrusion detection system and the metrics needed to evaluate the IDS, the FDR feature extraction technique, and the functionality of the self-organizing map (SOM). The methodology section, in the body of the paper, then proposes a functional model to describe intrusion detection; the model is validated by comparing metrics in simulation development environments. The study concludes that the detection rates obtained by the proposed functional model are a sensitivity of 97.39% (attacks correctly identified as attacks) and a specificity of 62.73% (normal traffic correctly identified as normal traffic), using only 17 features of the input dataset. These results are compared with other simulation scenarios drawn from the documentary sources, on the basis of which it is suggested that other training and classification techniques be integrated into the proposed model to optimize the intrusion detection model.