Share Email Print
cover

Proceedings Paper

Integration of Self-Organizing Map (SOM) and Kernel Density Estimation (KDE) for network intrusion detection
Author(s): Yuan Cao; Haibo He; Hong Man; Xiaoping Shen
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

This paper proposes an approach to integrate the self-organizing map (SOM) and kernel density estimation (KDE) techniques for the anomaly-based network intrusion detection (ABNID) system to monitor the network traffic and capture potential abnormal behaviors. With the continuous development of network technology, information security has become a major concern for the cyber system research. In the modern net-centric and tactical warfare networks, the situation is more critical to provide real-time protection for the availability, confidentiality, and integrity of the networked information. To this end, in this work we propose to explore the learning capabilities of SOM, and integrate it with KDE for the network intrusion detection. KDE is used to estimate the distributions of the observed random variables that describe the network system and determine whether the network traffic is normal or abnormal. Meanwhile, the learning and clustering capabilities of SOM are employed to obtain well-defined data clusters to reduce the computational cost of the KDE. The principle of learning in SOM is to self-organize the network of neurons to seek similar properties for certain input patterns. Therefore, SOM can form an approximation of the distribution of input space in a compact fashion, reduce the number of terms in a kernel density estimator, and thus improve the efficiency for the intrusion detection. We test the proposed algorithm over the real-world data sets obtained from the Integrated Network Based Ohio University's Network Detective Service (INBOUNDS) system to show the effectiveness and efficiency of this method.

Paper Details

Date Published: 24 September 2009
PDF: 12 pages
Proc. SPIE 7480, Unmanned/Unattended Sensors and Sensor Networks VI, 74800N (24 September 2009); doi: 10.1117/12.834890
Show Author Affiliations
Yuan Cao, Stevens Institute of Technology (United States)
Haibo He, Stevens Institute of Technology (United States)
Hong Man, Stevens Institute of Technology (United States)
Xiaoping Shen, Ohio Univ. (United States)


Published in SPIE Proceedings Vol. 7480:
Unmanned/Unattended Sensors and Sensor Networks VI
Edward M. Carapezza, Editor(s)

© SPIE. Terms of Use
Back to Top