A self-organizing map and its modeling for discovering malignant network traffic

2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings

Volumn , Issue , 2009, Pages

  Langin, Chet ^a   Zhou, Hongbo ^a   Rahimi, Shahram ^a   Gupta, Bidyut ^a   Zargham, Mehdi ^a   Sayeh, Mohammad R ^a  

^a Southern Illinois University at Carbondale   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTERNET FIREWALLS; KNOWLEDGE DISCOVERY; MODEL-BASED INTRUSION DETECTION; NETWORK ACTIVITIES; NETWORK TRAFFIC; SECURITY ISSUES;

ARTIFICIAL INTELLIGENCE; COMPUTER SYSTEM FIREWALLS; CONFORMAL MAPPING; INTERNET; STRENGTH OF MATERIALS;

INTRUSION DETECTION;

EID: 67650462942     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CICYBS.2009.4925099     Document Type: Conference Paper

References (38)

1. J. Davis, "Hackers take down the most wired country in europe," Wired, Vol. 15, no. 9, September 2007.
2. J. Robb, "When bots attack," Wired, Vol. 15, no. 9, September, 2007 2007.
3. J. Zhuge, T. Holz, S. Y. Han, J. Guo, and W. Zou, "Characterizing the irc-based botnet phenomenon," 2007. [Online]. Available: http://honeyblog.org/junkyard/reports/botnet-china-TR.pdf
4. W. Lee, C. Wang, and D. Dagon, Botnet Detection: Countering the Largest Security Threat, ser. Advances in Information Security. Springer, 2008.
5. E. Cooke, F. Jahanian, and D. McPherson, "The zombie roundup: Understanding, detecting, and disrupting botnets," 2005 2005, steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI '05).
6. J. B. Grizzard, V. Sharma, C. Nunnery, and B. B. Kang, "Peer-to-peer botnets: Overview and case study, 2007" 2007, uSENIX Workshop on Hot Topics in Understanding Botnets (HotBots '07).
7. D. Dagon, G. Gu, and C. Lee, "A taxonomy of botnet structures," in Botnet Detection: Countering the Largest Security Threat, ser. Advances in Information Security, W. Lee, C. Wang, and D. Dagon, Eds. Springer, 2008, pp. 143-164.
8. D. E. Denning, "An intrusion-detection model," IEEE Transactions on Software Engineering, Vol. 13, no. 2, pp. 118-131, 1986.
9. S. Kumar and E. Spafford, "An application of pattern matching in intrusion detection," Purdue University, Tech. Rep., 1994.
10. A. Lazarevic, V. Kumar, and J. Srivastava, "Intrusion detection: A survey," in Managing Cyber Threats, V. Kumar, J. Srivastava, and A. Lazarevic, Eds. Springer, 2005, pp. 19-78.
11. S. Zanero, "Unsupervised learning algorithms for intrusion detection," Ph.D. dissertation, Politecnico di Milano, 2008.
12. L. A. Zadeh, "History; bisc during 90's," 1994.
13. W. S. McCulloch and W. Pitts, "A logical calculus of the ideas immanent in nervous activity," Bulletin of Mathematical Biophysics, Vol. 5, pp. 115-133, 1943.
14. T. Kohonen, Self-Organizing Maps, 3rd ed., ser. Springer Series in Information Sciences. Berlin Heidelberg New York: Springer-Verlag, 2001, Vol. 30.
15. P. Wang, S. Sparks, and C. C. Zou, "An advanced peer-to-peer botnet," 2007 2007, uSENIX Workshop on Hot Topics in Understanding Botnets (HotBots '07).
16. K. L. Fox, R. R. Henning, and J. H. Reed, "A neural network approach towards intrusion detection," in 13th National Computer Security Conference, 1990.
17. A. Hoglund and K. Hatonen, "Computer network user behavior visualization using self-organizing maps," in ICANN, 1998, pp. 899-904.
18. L. Girardin and D. Brodbeck, "A visual approach for monitoring logs," in 12th Systems Administration Conference (LISA '98), Boston, 1998.
19. B. C. Rhodes, J. A. Mahaffey, and J. D. Cannady, "Multiple selforganizing maps for intrusion detection," 2000 2000.
20. J. A. Copeland and R. C. Garcia, "Real-time anomaly detection using soft computing techniques," in IEEE SoutheastCon 2001, 2001. (Pubitemid 32478223)
21. H. Lee, "Training a neural-network based intrusion detector to recognize novel attacks," IEEE Transactions on Systems, Man, and Cybernetics, Part A, Vol. 31, pp. 294-299, 2001. (Pubitemid 33142055)
22. S.-B. Cho, "Incorporating soft computing techniques into a probabilistic intrusion detection system," IEEE Trans. Systems Man Cybernet, Vol. 32, no. 2, p. 154, 2002. (Pubitemid 35289399)
23. A. Hoglund, K. Hatonen, and A. Sorvari, "A computer host based user anomaly detection system using the self organizing map," in International Joint Conference on Neural Networks, IEEE IJCNN, Vol. 5, 2002, pp. 411-416.
24. P. Lichodzijewski, A. N. Zincir-Heywood, and M. Heywood, "Hostbased intrusion detection using self-organizing maps," 2002.
25. M. Ramadas, S. Ostermann, and B. Tjaden, "Detecting anomalous network traffic with self-organizing maps," in Recent Advances in Intrusion Detection, 6th International Symposium, RAID 2003, ser. Lecture Notes in Computer Science, G. Vigna, E. Jonsson, and C. Kruegel, Eds., Vol. 2820. Pittsburgh, PA, USA: Springer-Verlag, 2003, pp. 36-54. (Pubitemid 37171491)
26. A. Tauriainen, A Self-learning System for P2P Traffic Classification. Helsinki: Helsinki University of Technology, 2005.
27. L. Vokorokos, A. Balaz, and M. Chovanec, "Intrusion detection system using self organizing map," Acta Electrotechnica et Informatica, Vol. 6, no. 1, p. 6, 2006.
28. P. Lichodzijewski, A. N. Zincir-Heywood, and M. Heywood, "Dynamic intrusion detection using self-organizing maps," 2002.
29. G. Kayacik, A. N. Zincir-Heywood, and M. I. Heywood, "On the capability of an som based intrusion detection system," in IEEE International Joint Conference on Neural Networks, 2003, pp. 1808-1813.
30. O. Depren, M. Topallar, E. Anarim, and M. Ciliz, "An intelligent intrusion detection system (ids) for anomaly and misuse detection in computer networks," Expert Systems with Applications, Vol. 29, no. 4, pp. 713-722, 2005. (Pubitemid 41394445)
31. S. T. Sarasamma, Q. Zhu, and J. Huff, "Hierarchical kohonenen net for anomaly detection in network security," IEEE Transactions on Systems, Man, and Cybernetics-Part B: Cybernetics, Vol. 35, no. 2, pp. 302-312, 2005. (Pubitemid 40535913)
32. L. Wetmore, A. N. Zincir-Heywood, and M. Heywood, "Training the sofm efficiently: An example from intrusion detection," in IEEE Internation Joing Conference on Neural Networks, IJCNN 2005, 2005, pp. 1575-1580. (Pubitemid 44591437)
33. H. G. Kayacik and A. N. Zincir-Heywood, "Using self-organizing maps to build and attack map for forensic analysis," in ACM International Conference on Privacy, Security, and Trust (PST 2006), 2006, pp. 285-293.
34. O. Yeloglu, A. N. Zincir-Heywood, and M. Heywood, "Growing recurrent self organizing map," in IEEE International Conference on System, Man and Cybernetics (SMC 2007), 2007.
35. R. A. Kemmerer, "Nstat: A model-based real-time network intrusion detection system," University of California-Santa Barbara, Tech. Rep., November 1997.
36. S.-B. Cho and H.-J. Park, "Efficient anomaly detection by modeling privilege flows with hidden markov model," Computers and Security, Vol. 22, no. 1, pp. 45-55, 2003.
37. J. Zhou, M. Heckman, B. Reynolds, A. Carlson, and M. Bishop, "Modeling network intrusion detection alerts for correlation," ACM Transactions on Information and System Security (TISSEC), Vol. 10, no. 1, 2007. (Pubitemid 46279179)
38. J. McHugh, "Testing intrusion detection systems: A critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory," ACM Transactions on Information and System Security, Vol. 3, no. 4, pp. 262-294, 2000.