Hybrid model of self‐organizing map and kernel auto‐associator for internet intrusion detection

Publisher: Emerald Publishing

Copyright: Copyright © 2012 Emerald Group Publishing Limited. All rights reserved.

ISSN: 1756-378X

DOI: 10.1108/17563781211282286

Abstract

Purpose – The task of internet intrusion detection is to detect anomalous network connections caused by intrusive activities. Many intrusion detection schemes have been proposed, most of which apply both normal and intrusion data to construct classifiers. However, normal data and intrusion data are often seriously imbalanced because intrusive connection data are usually difficult to collect. Internet intrusion detection can be considered as a novelty detection problem, which is the identification of new or unknown data to which a learning system has not been exposed during training. This paper aims to address this issue.

Design/methodology/approach – In this paper, a novelty detection‐based intrusion detection system is proposed by combining the self‐organizing map (SOM) and the kernel auto‐associator (KAA) model proposed earlier by the first author. The KAA model is a generalization of auto‐associative networks by training to recall the inputs through kernel subspace. For anomaly detection, the SOM organizes the prototypes of samples while the KAA provides data description for the normal connection patterns. The hybrid SOM/KAA model can also be applied to classify different types of attacks.

Findings – Using the KDD CUP, 1999 dataset, the performance of the proposed scheme in separating normal connection patterns from intrusive connection patterns was compared with some state‐of‐the‐art novelty detection methods, showing marked improvements in terms of high intrusion detection accuracy and low false positives. Simulations on the classification of attack categories also demonstrate favorable accuracy, comparable to the entries from the KDD CUP, 1999 data mining competition.

Originality/value – The hybrid model of SOM and the KAA model can achieve significant results for intrusion detection.

Journal

International Journal of Intelligent Computing and Cybernetics, Emerald Publishing

Published: Nov 23, 2012

Keywords: Network intrusion detection; Self‐organization; Kernel auto‐associator; Novelty detection; Internet; Interrupts
