NETWORK INTRUSION DETECTION USING GROWING SELF ORGANIZING MAPS

Abstract

With the growing rate of interconnection among computer systems, network security is becoming an issue of serious global concern. The complexity, accessibility and openness of the Internet have served to increase the security risk of information systems tremendously. This dissertation concern Network Intrusion Detection [11], [12], [13]. Network intrusion detection is the problem of detecting anomalous network connections caused by intrusive activities. Intrusion detection has been an active field of research for about two decades, starting in 1980 with the publication of John Anderson's Computer Security Threat Monitoring and Surveillance [13], which was one of the earliest papers in the field. Most current approaches to intrusion detection involve the use of rule-based expert systems [5] to identify indications of known attacks. However, these techniques are less successful in identifying attacks, which vary from expected patterns. Artificial Neural Networks (ANN) [16] provides the potential to identify and classify network activity based on limited, incomplete, and nonlinear data sources. This dissertation work utilizes the analytical strengths of ANN for Network intrusion Detection. This dissertation concerns the details of simulation of an intrusion detector based on Growing Self Organizing Maps (GSOM) [1] neural network modal, this GSOM modal is an extended version of Self Organizing Maps (SOM) [16] and has significant advantages for knowledge discovery applications. The Intrusion Detection System presented here is capable of detecting Network based attacks on that only the portscaning attacks, namely acknowledge attack, finish attack and fragmented attack. The strong point here is retraining option. It can be retrained without disturbing the detection part. Also it can be easily extended for other attacks.