A Novel Intrusion Detection Model Based on Multi-layer Self-Organizing Maps and Principal Component Analysis
In this paper, the Self Organizing Maps (SOM) learning and classification algorithms are firstly modified. Then via the introduction of match-degree, reduction-rate and quantification error of reducing sample, a novel approach to intrusion detection based on Multi-layered modified SOM neural network and Principal Component Analysis (PCA) is proposed. In this model, PCA is applied to feature selection, and Multi-layered SOM is designed to subdivide the imprecise clustering in single-layered SOM layer by layer. Experimental results demonstrate that this model can provide a precise and efficient way for implementing the classifier in intrusion detection.
KeywordsFalse Positive Rate Intrusion Detection Test Dataset Anomaly Detection Quantification Error
Unable to display preview. Download preview PDF.
- 1.Li, Z.J., Wu, Y., Wang, G.Y.: A new framework for intrusion detection based on rough set theory. In: Proceedings of SPIE, vol. 5433, pp. 122–130 (2004)Google Scholar
- 2.Lin, S.C., Shi, D.H.: A Study of Intrusion Detection System Based on Anomaly Detection in Windows Environment. Master thesis, Taiwan of China (2004)Google Scholar
- 3.Lichodzijewski, P.: Dynamic Intrusion Detection Using Self Organizing Maps. In: 14th Annual Canadian Information Technology Security Symposium (2002)Google Scholar
- 4.Eskin, E.A. (ed.): A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. Data Mining for Security Applications. Kluwer, Dordrecht (2002)Google Scholar
- 5.Kohonen, T.: The Self-Organizing Map. Proceedings of the IEEE 78(9) (1990)Google Scholar
- 6.Kayacik, H.G., Zincir Heywood, A.N., Heywood, M.I.: On Dataset Biases in a Learning System with Minimum a priori Information for Intrusion Detection. In: Proceedings of the IEEE CNSR, Fredericton, Canada, pp. 181–189 (2004)Google Scholar