DocumentCode
3500276
Title
Real-Time Intrusion Detection System Based on Self-Organized Maps and Feature Correlations
Author
Oh, Hayoung ; Chae, Kijoon
Author_Institution
Dept. of Comput. Sci. & Eng., Seoul Nat. Univ., Seoul
Volume
2
fYear
2008
fDate
11-13 Nov. 2008
Firstpage
1154
Lastpage
1158
Abstract
Detecting network intrusion has been not only critical but also difficult in the network security research area. Traditional supervised learning techniques are not appropriate to detect anomalous behaviors and new attacks because of temporal changes in network intrusion patterns and characteristics. Therefore, unsupervised learning techniques such as SOM (self-organizing map) are more appropriate for anomaly detection. In this paper, we proposed a real-time intrusion detection system based on SOM that groups similar data and visualize their clusters. Our system labels the map produced by SOM using correlations between features. We experiments our system with KDD Cup 1999 data set. Our system yields the reasonable misclassification rates and takes 0.5 seconds to decide whether a behavior is normal or attack.
Keywords
computer networks; real-time systems; self-organising feature maps; telecommunication security; feature correlation; intrusion detection system; network intrusion detection; network security; real-time system; self-organized map; Clustering algorithms; Computer networks; Computer security; Data security; Data visualization; Intrusion detection; Labeling; Neurons; Real time systems; Unsupervised learning; Correlations; Coutermeasures; Network Security; Real time Intrusion Detection System; Supervised Learning; Unsupervised Learning;
fLanguage
English
Publisher
ieee
Conference_Titel
Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
Conference_Location
Busan
Print_ISBN
978-0-7695-3407-7
Type
conf
DOI
10.1109/ICCIT.2008.362
Filename
4682403
Link To Document