Abstract
Nowadays, the growth of computer networks and the expansion of the Internet have made security a critical issue. Many Intrusion Detection/Prevention Systems (IDS/IPS) have been proposed. These proposals try to prevent corrupt or anomalous traffic from reaching the user application or the operating system. Nevertheless, most IDS/IPS proposals only distinguish between normal traffic and anomalous traffic that may be a potential attack. In this paper, we present an IDS/IPS approach based on Growing Hierarchical Self-Organizing Maps (GHSOM) which can not only differentiate between normal and anomalous traffic but also identify different known attacks. The proposed system has been trained and tested using the well-known DARPA/NSL-KDD datasets, and the results obtained are promising, since we can detect over 99.4% of the normal traffic and over 99.2% of attacker traffic. Moreover, the system can be trained on-line by using the probability labeling method presented in this paper.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Ortiz, A., Ortega, J., Díaz, A.F., Prieto, A. (2011). Network Intrusion Prevention by Using Hierarchical Self-Organizing Maps and Probability-Based Labeling. In: Cabestany, J., Rojas, I., Joya, G. (eds) Advances in Computational Intelligence. IWANN 2011. Lecture Notes in Computer Science, vol 6691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21501-8_29
DOI: https://doi.org/10.1007/978-3-642-21501-8_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21500-1
Online ISBN: 978-3-642-21501-8
eBook Packages: Computer Science (R0)