Network Anomaly Detection with Bayesian Self-Organizing Maps

Authors:
De-La-Hoz-Franco, Emiro
Ortiz García, Andrés
Ortega Lopera, Julio
De la Hoz Correa, Eduardo Miguel
Prieto Espinosa, Carlos Antonio
Resource type:
Article of journal
Publication date:
2013
Institution:
Corporación Universidad de la Costa
Repository:
REDICUC - Repositorio CUC
Language:
eng
OAI Identifier:
oai:repositorio.cuc.edu.co:11323/7247
Online access:
https://hdl.handle.net/11323/7247
https://doi.org/10.1007/978-3-642-38679-4_53
https://repositorio.cuc.edu.co/
Keywords:
Gaussian Mixture Model
Intrusion Detection System
Receiver Operating Curf Curve
Best Match Unit
Receiver Operating Curf
Rights
openAccess
License
Attribution-NonCommercial-ShareAlike 4.0 International
Description
Summary: The growth of the Internet and, consequently, the number of interconnected computers through a shared medium, has exposed a lot of relevant information to intruders and attackers. Firewalls aim to detect violations to a predefined rule set and usually block potentially dangerous incoming traffic. However, with the evolution of the attack techniques, it is more difficult to distinguish anomalies from the normal traffic. Different intrusion detection approaches have been proposed, including the use of artificial intelligence techniques such as neural networks. In this paper, we present a network anomaly detection technique based on Probabilistic Self-Organizing Maps (PSOM) to differentiate between normal and anomalous traffic. The detection capabilities of the proposed system can be modified without retraining the map, but only modifying the activation probabilities of the units. This deals with fast implementations of Intrusion Detection Systems (IDS) necessary to cope with current link bandwidths.