
Network Intrusion Prevention by Using Hierarchical Self-Organizing Maps and Probability-Based Labeling

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6691)

Abstract

The growth of computer networks and the expansion of the Internet have made security a critical issue, and many Intrusion Detection/Prevention Systems (IDS/IPS) have been proposed. These proposals try to prevent corrupt or anomalous traffic from reaching the user application or the operating system. Nevertheless, most IDS/IPS proposals only distinguish between normal traffic and anomalous traffic that can be suspected to be a potential attack. In this paper, we present an IDS/IPS approach based on Growing Hierarchical Self-Organizing Maps (GHSOM) which can not only differentiate between normal and anomalous traffic but also identify different known attacks. The proposed system has been trained and tested using the well-known DARPA/NSL-KDD datasets, and the results obtained are promising, since we can detect over 99.4% of the normal traffic and over 99.2% of attacker traffic. Moreover, the system can be trained on-line by using the probability labeling method presented in this paper.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ortiz, A., Ortega, J., Díaz, A.F., Prieto, A. (2011). Network Intrusion Prevention by Using Hierarchical Self-Organizing Maps and Probability-Based Labeling. In: Cabestany, J., Rojas, I., Joya, G. (eds) Advances in Computational Intelligence. IWANN 2011. Lecture Notes in Computer Science, vol 6691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21501-8_29


  • DOI: https://doi.org/10.1007/978-3-642-21501-8_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21500-1

  • Online ISBN: 978-3-642-21501-8

  • eBook Packages: Computer Science (R0)
