Integration of Self-Organizing Map (SOM) and Kernel Density Estimation (KDE) for network intrusion detection

Yuan Cao, Haibo He, Hong Man, Xiaoping Shen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

This paper proposes an approach that integrates the self-organizing map (SOM) and kernel density estimation (KDE) techniques in an anomaly-based network intrusion detection (ABNID) system to monitor network traffic and capture potentially abnormal behaviors. With the continuous development of network technology, information security has become a major concern in cyber systems research. In modern net-centric and tactical warfare networks, it is even more critical to provide real-time protection for the availability, confidentiality, and integrity of networked information. To this end, in this work we propose to explore the learning capabilities of SOM and integrate it with KDE for network intrusion detection. KDE is used to estimate the distributions of the observed random variables that describe the network system and to determine whether the network traffic is normal or abnormal. Meanwhile, the learning and clustering capabilities of SOM are employed to obtain well-defined data clusters that reduce the computational cost of the KDE. The principle of learning in SOM is to self-organize the network of neurons to seek similar properties for certain input patterns. Therefore, SOM can form a compact approximation of the distribution of the input space, reduce the number of terms in a kernel density estimator, and thus improve the efficiency of intrusion detection. We test the proposed algorithm on real-world data sets obtained from the Integrated Network Based Ohio University's Network Detective Service (INBOUNDS) system to show the effectiveness and efficiency of this method.
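The idea in the abstract, a SOM compressing the training traffic into a few prototypes so that the density estimator sums over prototypes instead of every sample, is sketched below as an added example; it is not the paper's code. The 1-D map of 8 units, the Gaussian kernel with bandwidth 0.5, the hit-count weighting, the 1% density threshold and the constructed 2-D feature data are all assumptions made for illustration.

```python
import math, random

def bmu(protos, x):
    """Index of the best-matching unit (nearest prototype) for sample x."""
    return min(range(len(protos)), key=lambda j: math.dist(protos[j], x))

def train_som(data, n_units=8, epochs=30, seed=0):
    """Train a 1-D SOM; return prototypes and how many samples each one wins."""
    rng = random.Random(seed)
    protos = [list(rng.choice(data)) for _ in range(n_units)]
    for e in range(epochs):
        frac = 1 - e / epochs
        lr = 0.01 + 0.5 * frac                    # decaying learning rate
        radius = max(0.3, n_units / 2 * frac)     # shrinking neighbourhood
        for x in rng.sample(data, len(data)):
            b = bmu(protos, x)
            for j, w in enumerate(protos):
                g = lr * math.exp(-((j - b) ** 2) / (2 * radius ** 2))
                for d in range(len(x)):
                    w[d] += g * (x[d] - w[d])
    counts = [0] * n_units
    for x in data:
        counts[bmu(protos, x)] += 1
    return protos, counts

def kde(points, weights, x, h=0.5):
    """Weighted Gaussian kernel density estimate at x (one term per point)."""
    norm = sum(weights) * (2 * math.pi * h * h) ** (len(x) / 2)
    return sum(w * math.exp(-math.dist(p, x) ** 2 / (2 * h * h))
               for p, w in zip(points, weights)) / norm

def build_detector(data, quantile=0.01, **som_args):
    """Fit SOM on normal traffic; threshold = low quantile of training density."""
    protos, counts = train_som(data, **som_args)
    scores = sorted(kde(protos, counts, x) for x in data)
    return protos, counts, scores[int(quantile * len(scores))]

def is_anomalous(detector, x):
    """Flag x when its prototype-based density falls below the threshold."""
    protos, counts, threshold = detector
    return kde(protos, counts, x) < threshold

# Constructed sample data: two clusters of 2-D "normal" flow features.
_rng = random.Random(1)
NORMAL = [(_rng.gauss(cx, 0.3), _rng.gauss(cy, 0.3))
          for cx, cy in [(0.0, 0.0), (2.0, 2.0)] for _ in range(200)]
DETECTOR = build_detector(NORMAL)

if __name__ == "__main__":
    print("kernel terms:", len(DETECTOR[0]), "instead of", len(NORMAL))
    print("(0, 0) anomalous?", is_anomalous(DETECTOR, (0.0, 0.0)))
    print("(6, -4) anomalous?", is_anomalous(DETECTOR, (6.0, -4.0)))
```

Each scoring call here evaluates 8 kernel terms rather than 400, which is the cost reduction the abstract attributes to the SOM stage.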

Original language: English
Title of host publication: Unmanned/Unattended Sensors and Sensor Networks VI
State: Published - 2009
Event: Unmanned/Unattended Sensors and Sensor Networks VI Conference - Berlin, Germany
Duration: 1 Sep 2009 → 3 Sep 2009

Publication series

Name: Proceedings of SPIE - The International Society for Optical Engineering
Volume: 7480
ISSN (Print): 0277-786X

Conference

Conference: Unmanned/Unattended Sensors and Sensor Networks VI Conference
Country/Territory: Germany
City: Berlin
Period: 1/09/09 → 3/09/09

Keywords

  • Anomaly-based network intrusion detection (ABNID)
  • Kernel density estimation (KDE)
  • Machine learning
  • Self-organizing map (SOM)
