Network intrusion prevention by using hierarchical self-organizing maps and probability-based labeling

Abstract

Nowadays, the growth of the computer networks and the expansion of the Internet have made the security to be a critical issue. In fact, many proposals for Intrusion Detection/Prevention Systems (IDS/IPS) have been proposed. These proposals try to avoid that corrupt or anomalous traffic reaches the user application or the operating system. Nevertheless, most of the IDS/IPS proposals only distinguish between normal traffic and anomalous traffic that can be suspected to be a potential attack. In this paper, we present a IDS/IPS approach based on Growing Hierarchical Self-Organizing Maps (GHSOM) which can not only differentiate between normal and anomalous traffic but also identify different known attacks. The proposed system has been trained and tested using the well-known DARPA/NSL-KDD datasets and the results obtained are promising since we can detect over 99,4% of the normal traffic and over 99,2 % of attacker traffic. Moreover, the system can be trained on-line by using the probability labeling method presented on this paper. © 2011 Springer-Verlag.