Distributed intrusion detection system using self organizing map

Vokorokos, Liberios; Baláž, Anton; Trelova, J.

doi:10.1109/ines.2012.6249817

Cited by 14 publications

(10 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various machine learning techniques were implemented to enhance progress in IDS and an explicit discussion of a survey is given in References . IDS was developed using neural network and multilayer perceptron techniques and an IDS using self‐organizing map (unsupervised learning) was also developed . Using artificial neural network an advanced IDS system using the anomaly detection technique was developed, and by using similar techniques, different datasets IDS were developed in Reference .…”

Section: Benign Outliersmentioning

confidence: 99%

See 1 more Smart Citation

Design and performance analysis of various feature selection methods for anomaly‐based techniques in intrusion detection system

Pandey

2019

Security and Privacy

View full text Add to dashboard Cite

Intrusion detection system (IDS) is essential for the network; the intruder can steal sensitive information about networks. The IDS must have the ability to take care of large and real‐time data. The predicted rate must be high based on the available attribute. This work deals with a real intrusion detection problem, by its behavior. In this paper, we developed a hybrid model, which can detect intrusion by its action. We used an NSL‐KDD data set, the multiclass problem and binary problems are 25% tested. This model can be used to guess the availability of intrusion, able to determine the scope of intrusions based on the transaction of data in the network; training requires optimal features of a network transaction. The accuracy of the model is better for both binary class for the multiclass in NSL‐KDD data set. The complication of false data alarm rates is the most significant challenge in the IDS system, and it may be the low false rate or high false rate. Proposed work also addresses this problem. The first step that data will be filtered by Vote algorithm, the Information Gain will get associated with a base learner, to choose the necessary features, which directly affects the accuracy of the model. It uses the following classifier: RandomTree, REPTree, RandomForrest AdaBoostM1, Meta Pagging, DesicionStump, J48, LMT, Bagging, and Naive Bayes. On the based on the proposed model, it is observed as low false rate, high accuracy.

show abstract

Section: Benign Outliersmentioning

confidence: 99%

“…Different data types and features related with in NSL-KDD data set ,6,8,9,10,11,13,16,17,18,19,20,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 …”

mentioning

confidence: 99%

Design and performance analysis of various feature selection methods for anomaly‐based techniques in intrusion detection system

Pandey

2019

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Liberios Vokorokos et al present an intrusion detection system and design architecture of intrusion detection based on neural network SOM referred in [6]. Here a core of the designed architecture represents the neural network Self Organizing Map which classifies the monitored user behavior and also determines the possible intrusion of the monitored computer system.…”

Section: International Journal Of Computer Applications (0975 -8887) mentioning

confidence: 99%

Towards the Development of an Efficient Intrusion Detection System

Borah¹,

Chakraborty²

2014

IJCA

View full text Add to dashboard Cite

Intrusion is a set of related activities which is performed to provide unauthorized activities such as access to the useful information, file modification etc. It is a set of any actions that attempt to compromise the integrity, confidentiality, or availability of a computer resource. Intrusion Detection Systems (IDS) are used to monitor and detect the probable attempts of such types. An IDS collects system and network activity related data. These data may contain network attacks against vulnerable services, data driven attacks on applications, host based attacks etc. There are several IDSs in literature proposed using various computational techniques such as statistical methods, artificial intelligence, data mining etc.Among these, data mining based methods are comparatively more successful in detecting unknown attack patterns. This paper reviews some remarkable works from the literature along with the basic concepts of intrusion detection. It also includes some suggestions for developing an efficient IDS based on the analysis carried out KeywordsIntrusion detection system (IDS), Neural networks, Self organizing map (SOM).

show abstract

“…The idea of using the state of a process to do intrusion detection is proposed in [4]. The authors train a neural network for monitoring the information related to a user's activities -user activity times, user login hosts, user foreign hosts, command set, CPU usage and memory usage patterns.…”

Section: Related Workmentioning

confidence: 99%

In-Execution Malware Detection Using Task Structures of Linux Processes

Shahzad

Bhatti

Shahzad

et al. 2011

2011 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

Abstract-In this paper, we present a novel framework -it uses the information in kernel structures of a process -to do run-time analysis of the behavior of an executing program. Our analysis shows that classifying a process as malicious or benign -using the information in the kernel structures of a process -is not only accurate but also has low processing overheads; as a result, this lightweight framework can be incorporated within the kernel of an operating system. To provide a proof-of-concept of our thesis, we design and implement our system as a kernel module in Linux. We perform the time series analysis of 118 parameters of Linux task structures and preprocess them to come up with a minimal features' set of 11 features. Our analysis show that these features have remarkably different values for benign and malicious processes; as a result, a number of classifiers operating on these features provide 93% detection accuracy with 0% false alarm rate within 100 milliseconds. Last but not least, we justify that it is very difficult for a crafty attacker to evade these lowlevel system specific features.

show abstract

Distributed intrusion detection system using self organizing map

Cited by 14 publications

References 6 publications

Design and performance analysis of various feature selection methods for anomaly‐based techniques in intrusion detection system

Design and performance analysis of various feature selection methods for anomaly‐based techniques in intrusion detection system

Towards the Development of an Efficient Intrusion Detection System

In-Execution Malware Detection Using Task Structures of Linux Processes

Contact Info

Product

Resources

About