Intrusion Detection Using PCASOM Neural Networks

  • Guisong Liu
  • Zhang Yi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3973)


This paper proposes a method for detecting network intrusions using PCASOM (principal components analysis and self-organizing map) neural networks. A modified unsupervised learning algorithm that is more suitable for intrusion detection is presented. Experiments on the DARPA 1998 evaluation data sets illustrate the performance of the proposed method. The results show that the proposed method can cluster network connections into proper clusters with a high detection rate and a relatively low false alarm rate.


Keywords: False Alarm Rate; Intrusion Detection; Anomaly Detection; Intrusion Detection System; Hybrid Neural Network



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Guisong Liu (1)
  • Zhang Yi (1)
  1. Computational Intelligence Laboratory, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, P.R. China
