Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection


The KIPS Transactions:PartC, Vol. 12, No. 5, pp. 649-658, Oct. 2005
DOI: 10.3745/KIPSTC.2005.12.5.649

Abstract

Because network-based attacks cause extensive damage, it is very important to detect intrusions quickly, at an early stage. However, intrusion detection based on supervised learning requires either preprocessing of enormous amounts of data or analysis by a manager. It also faces two difficulties in detecting abnormal traffic: the manager's analysis might be incorrect, and real-time detection would be missed. In this paper, we propose a traffic attributes correlation analysis mechanism based on self-organizing maps (SOM) for real-time intrusion detection. The proposed mechanism has three steps. First, unsupervised learning builds map clusters composed of similar traffic. Second, each map cluster is labeled to divide the map into normal traffic and abnormal traffic; this step uses a rule created through correlation analysis with the SOM. Finally, the mechanism performs real-time detection and is updated gradually. In extensive experiments, the proposed mechanism, which combines unsupervised and supervised learning, showed better performance in real-time intrusion detection than supervised learning.
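The three steps described in the abstract, as an added illustration that is not the paper's code: a small SOM is trained without labels, its units are labelled, and records are then classified one at a time with a gradual update. Assumptions: the abstract does not give the correlation rule, so a majority vote over a few labelled records stands in for it; the feature names, sample data, map size and learning parameters are all constructed for this example.

```python
import math
import random

def bmu(weights, x):
    """Index of the best-matching unit: smallest squared Euclidean distance to x."""
    return min(range(len(weights)), key=lambda i: sum((w - v) ** 2 for w, v in zip(weights[i], x)))

def train_som(data, rows=3, cols=3, epochs=60, seed=7):
    """Step 1: unsupervised training; similar traffic vectors end up on nearby units."""
    rng = random.Random(seed)
    weights = [[rng.random() for _ in data[0]] for _ in range(rows * cols)]
    for t in range(epochs):
        lr, radius = 0.5 * (1 - t / epochs), 1.5 * (1 - t / epochs) + 0.5
        for x in rng.sample(data, len(data)):          # one shuffled pass over the data
            b = bmu(weights, x)
            for i, w in enumerate(weights):
                d2 = (i // cols - b // cols) ** 2 + (i % cols - b % cols) ** 2
                h = math.exp(-d2 / (2 * radius ** 2))  # Gaussian neighbourhood on the grid
                weights[i] = [wi + lr * h * (xi - wi) for wi, xi in zip(w, x)]
    return weights

def label_units(weights, labelled):
    """Step 2: label each unit by majority vote of the labelled records it wins."""
    votes = [{} for _ in weights]
    for x, y in labelled:
        v = votes[bmu(weights, x)]
        v[y] = v.get(y, 0) + 1
    labels = [max(v, key=v.get) if v else None for v in votes]
    voted = [i for i, lab in enumerate(labels) if lab is not None]
    # Assumption: a unit that won no labelled record takes the nearest voted unit's label.
    near = lambda i: voted[bmu([weights[j] for j in voted], weights[i])]
    return [lab if lab is not None else labels[near(i)] for i, lab in enumerate(labels)]

def detect(weights, labels, x, lr=0.05):
    """Step 3: classify one record in real time, then nudge its unit toward it."""
    b = bmu(weights, x)
    weights[b] = [wi + lr * (xi - wi) for wi, xi in zip(weights[b], x)]
    return labels[b]

# Constructed sample data scaled to [0, 1]: (connection rate, SYN ratio, distinct-port ratio).
_rng = random.Random(1)
def _around(centre, n=30):
    return [[c + _rng.uniform(-0.05, 0.05) for c in centre] for _ in range(n)]
NORMAL, SCAN = _around((0.15, 0.10, 0.10)), _around((0.80, 0.90, 0.90))
LABELLED = [(x, "normal") for x in NORMAL[:10]] + [(x, "abnormal") for x in SCAN[:10]]

def run_demo():
    weights = train_som(NORMAL + SCAN)                 # labels are not used for training
    labels = label_units(weights, LABELLED)
    return [detect(weights, labels, x) for x in ([0.12, 0.08, 0.06], [0.85, 0.92, 0.90])]
```

Calling `run_demo()` returns the labels assigned to one low-rate record and one scan-like record.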




Cite this article
[IEEE Style]
K. A. Hwang, H. Y. Oh, J. Y. Lim, K. J. Chae, J. C. Nah, "Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection," The KIPS Transactions:PartC, vol. 12, no. 5, pp. 649-658, 2005. DOI: 10.3745/KIPSTC.2005.12.5.649.

[ACM Style]
Kyoung Ae Hwang, Ha Young Oh, Ji Young Lim, Ki Joon Chae, and Jung Chan Nah. 2005. Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection. The KIPS Transactions:PartC, 12, 5, (2005), 649-658. DOI: 10.3745/KIPSTC.2005.12.5.649.