Show simple item record


dc.creatorDe la Hoz, Emiro
dc.creatorOrtiz García, Andrés
dc.creatorOrtega Lopera, Julio
dc.creatorDe La Hoz Correa, Eduardo Miguel
dc.creatorMendoza Palechor, Fabio Enrique
dc.date.accessioned2019-05-08T15:06:47Z
dc.date.available2019-05-08T15:06:47Z
dc.date.issued2015-01-31
dc.identifier.issn1992-8645
dc.identifier.urihttp://hdl.handle.net/11323/3253
dc.description.abstractThe main purpose of this study is to identify a methodology to validate the effectiveness of an Intrusion Detection Systems proposed in three phases (selection, training and classification) using FDR to feature selection and Self Organizing Maps to training-classification. Therefore, initially are covered basics introductory in the first four items, related to the input dataset, the intrusion detection system and the metrics that are necessary to evaluate the IDS, the feature extraction technique FDR and the funcionality about the self-organizing map (SOM). Later in the methodology Item, in the body of the paper, a functional model proposed to described the intrusion detection, such model is validated from the comparation of metrics in simulation develops enviroments. Finally concluded that the detection rates obtained by the proposed functional model are: sensitivity of 97.39% (fits correctly identified as attacks) and a specificityof 62.73% (normal traffic correctly identified as normal traffic) using only 17 features of the dataset input.These results are compared with other simulating scenarios different, consulted from the documentary sources, from which it is suggested to integrate at the proposed model other techniques for training and classification processes to optimize the intrusion detection model.spa
dc.description.abstractEl propósito principal de este estudio es identificar una metodología para validar la efectividad de los sistemas de detección de intrusiones propuestos en tres fases (selección, entrenamiento y clasificación) utilizando FDR para la selección de características y mapas autoorganizados para la clasificación de entrenamiento. Por lo tanto, inicialmente se cubren aspectos básicos introductorios en los primeros cuatro elementos, relacionados con el conjunto de datos de entrada, el sistema de detección de intrusiones y las métricas que son necesarias para evaluar el IDS, la técnica de extracción de características FDR y la funcionalidad sobre el mapa autoorganizado (SOM). ). Más adelante en la metodología Ítem, en el cuerpo del artículo, un modelo funcional propuesto para describir la detección de intrusos, dicho modelo se valida a partir de la comparación de métricas en entornos de desarrollo de simulación. Finalmente, concluyó que las tasas de detección obtenidas por el modelo funcional propuesto son: sensibilidad del 97.39% (se ajusta correctamente como ataques) y una especificidad del 62.73% (tráfico normal correctamente identificado como tráfico normal) usando solo 17 características de la entrada del conjunto de datos. Estos resultados se comparan con otros escenarios de simulación diferentes, consultados desde las fuentes documentales, desde los cuales se sugiere integrar en el modelo propuesto otras técnicas de entrenamiento y procesos de clasificación para optimizar el modelo de detección de intrusos.spa
dc.language.isoengspa
dc.publisherJournal of theoretical and applied information technologyspa
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0/*
dc.subjectIntrusion detection system – IDSspa
dc.subjectSelf-organizing map – SOMspa
dc.subjectFisher’s discriminant rate – FDRspa
dc.subjectGaussian mixture model (GMM)spa
dc.subjectDataset NSL-KDDspa
dc.subjectSistema de detección de intrusos - IDSspa
dc.subjectMapa autoorganizado - SOMspa
dc.subjectTasa discriminaste de fisher - FDRspa
dc.subjectMezcla gaussiana modelo (GMM)spa
dc.subjectConjunto de datos NSL-KDDspa
dc.titleImplementation of an intrusion detection system based on self organizing mapspa
dc.title.alternativeImplementación de un sistema de detección de intrusos basado en un mapa auto organizado.spa
dc.typeArticlespa
dcterms.referencesThe NSL-KDD Dataset. http://nsl.cs.unb.ca/NSL-KDD/. SourceFire - Snort. http://www.snort.org/. CheckPoint® Software Technologies Ltd. NFR (Network Flight Recorder). http://www.checkpoint.com/corporate/nfr/index.html. CISCO System. Cisco Intrusion Detection (NetRanger). http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/index.shtml. IBM. RealSecure Network Sensor. http://www947.ibm.com/support/entry/portal/Overview/So ftware/Tivoli/RealSecure_Network_Sensor. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani. “A Detailed Analysis of the KDD CUP 99 Data Set”, IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009, pp. 1 – 6, july 2009. M. Shyu, S. Chen, K. Sarinnapakorn, and L. Chang. “A novel anomaly detection scheme based on principal component classifier,” Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data Mining (ICDM03), pp. 172–179, 2003. USC Information Sciences Intitute. “Common Intrusion Detection Framework”, http://gost.isi.edu/cidf/. Enero-2014. CIDF Working Group (Clifford Kahn, Don Bolinger and Dan Schnackenberg). DRAFT Specification. Communication in the Common Intrusion Detection Framework v 0.7. 8 June 1998.http://gost.isi.edu/cidf/drafts/communication.txt. [10] R. Feiertag, C. Kahn, P. Porras, D. Schnackenberg. A Common Intrusion Specification Language (CISL). 11 June 1999. http://gost.isi.edu/cidf/drafts/language.txt. Common Vulnerabilities and Exposures – CVE. http://cve.mitre.org/about/index.html. Prelude Technologies. http://www.preludetechnologies.com/. SRI - International a real-time IntrusionDetection Expert System (IDES). http://www.csl.sri.com/papers/9sri/9sri.pdf. S. Noel, D. Wijesekera, C. Youman. Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt. In Applications of Data Mining in Computer Security, D. Barbarà and S. Jajodia (eds.), Kluwer Academic Publisher, 2002. A. Lazarevic, J. Srivastava, V. Kumar. A Survey of Intrusion Detection techniques. book "Managing Cyber Threats: Issues, Approaches and Challenges", to be published by Kluwer in spring 2004. A. Balakrishnama. Linear Discriminant Analysis - A Brief Tutorial, Institute for Signal and Information Processing, Department of Electrical and Computer Engineering, Mississippi State University. 1998. R. Fisher. The Use of Multiple Measurements in Taxonomic Problems In: Annals of Eugenics, 7, p. 179—188. 1936. V. Venkatachalam, S. Selvan. Performance comparison of intrusion detection system classifiers using various feature reduction techniques. International journal of simulation, 2008 - Citeseer. T. Kohonen. “Self-organizing Maps”. Springer Series in Information Sciences. Volume 30, 1997. 2nd edition. Kohonen’s Self Organizing Feature Maps. http://www.ai-junkie.com/ann/som/som1.html. D. Phuc, M. Xuan. Using SOM based Graph Clustering for Extracting Main Ideas from Documents. Research, Innovation and Vision for the Future, 2008. RIVF 2008. IEEE International Conference on. p, 209 – 214. July 2008. I. Manolakos, E. Logaras. High throughput systolic SOM IP core for FPGAs. Acoustics, Speech and Signal Processing, 2007. ICASSP 2007. IEEE International Conference on. P, II61 - II-64. April 2007.G K. Yin, L. Gang. Fault Pattern Recognition of Thermodynamic System Based on SOM. Electrical and Control Engineering (ICECE), 2010. International Conference on. P, 3742 – 3745. June 2010. L. Min, W. Dongliang. Anormaly Intrusion Detection Based on SOM. Information Engineering, 2009. ICIE '09. WASE International Conference on. P, 40 – 43. July 2009. J.C. Patra, J. Abraham, P.K. Meher, G. Chakraborty. An Improved SOM-based Visualization Technique for DNA Microarray Data Analysis. Neural Networks (IJCNN), The 2010 International Joint Conference on. P, 1 – 7. July 2010. B. Fritzke. (1995). A growing neural gas network learns topologies. In Tesauro, G., Touretzky, D. S., and Leen, T. K., editors, Advances in Neural Information Processing Systems 7, pages 625–632. MIT Press, Cambridge MA. T. Martinez, K. Schulten, (1994). Topology representing networks. Neural Networks, 7(3):507–522. [28] A. Ocsa, C. Bedregal, E. Cuadros-Vargas, (2007). DB-GNG: A constructive selforganizing map based on density. In Proceedings of the International JointConference on Neural Networks (IJCNN07). IEEE. Y. Prudent, A. Ennaji. (2005). A k nearest classifier design. ELCVIA, 5(2):58–71. R. H. White. (1992). Competitive hebbian learning: algorithm and demonstrations. Neural Networks, 5(2):261–2. F. Mendoza, E. de la hoz, A. de la hoz, Application of feast (Feature Selection Toolbox) in IDS (Intrusion Detection Systems), vol.70, No.3, Journal of Theoretical and Applied Information Technology – JATIT, 2014, pp. 579-585. E. de la Hoz, E. de la Hoz, A. Ortiz, J. Ortega, Network anomaly detection with Bayesian self-organizing maps, in: Proceedings of the International Work-Conference on Artificial Neural Networks (IWANN), LNCS, vol. 7092, Springer-Verlag, 2013, pp. 532–537. E. de la Hoz, A. Ortiz, J. Ortega, E. de la Hoz. Network Anomaly Classification by Support Vector Classifiers Ensemble and Non-linear Projection Techniques, in: Proceedings of the International Conference on Hybrid Artificial Intelligence Systems (HAIS), LNAI, vol. 8073, Springer-Verlag, 2013, pp. 103–111. E. de la Hoz, E. de la Hoz, A. Ortiz, J. Ortega, A. Martínez-Álvarez, Feature selection by multi-objective optimisation: Application to network anomaly detection by hierarchical self-organising maps, vol. 71, KnowledgeBased Systems, 2014, pp. 322-338. C. Guo et al. Efficient intrusion detection using representative instances, vol. 39, Computers & Security, 2013, pp. 255-267. R. K. Idowu et al. An Application of Membrane Computing to Anomaly-Based Intrusion Detection System, vol. 11, Procedia Technology, 2013, pp. 585–592. G.V. Nadiammai, M. Hemalatha. Effective approach toward Intrusion Detection System using data mining techniques, vol. 15, Egyptian Informatics Journal - Cairo University, 2014, pp. 37–50.spa
dc.rights.accessrightsinfo:eu-repo/semantics/openAccessspa


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record

http://creativecommons.org/licenses/by-nc-sa/4.0/
Except where otherwise noted, this item's license is described as http://creativecommons.org/licenses/by-nc-sa/4.0/