Journal Neurocomputers, No. 10, 2016
Article in issue:
Anomaly detection with self-organization Kohonen neuron net
Keywords:
Kohonen's self-organizing neural network
Kohonen's network
training of neural network
anomaly detection
IDS
CUDA
information security
Authors:
V.S. Vedeneev - Lecturer, Department of Radio Physics and Electronics, Chelyabinsk State University
E-mail: ingafen@gmail.com
I.V. Bychkov - Dr.Sc. (Phys.-Math.), Professor, Head of the Department of Radio Physics and Electronics, Chelyabinsk State University
E-mail: bychkov@csu.ru
Abstract:
Kohonen's self-organizing map (SOM) is an interesting kind of neural network that uses unsupervised learning and applies the "winner takes all" principle. Typical applications of SOM are clustering, pattern recognition, and reduction of N-dimensional spaces to a 2D representation. One application of SOM is anomaly detection.
Three methods of anomaly detection using SOM are described in this work. Each method begins with training the neural network. After that, we have a trained network and the list of objects associated with each neuron.
The first method detects the neuron with the fewest associated objects after the network has been trained.
The second method detects objects associated with a neuron that differ from the other objects associated with the same neuron. Statistical moments of the first and second order are used as the measure of difference.
The third method uses a measure of distance between the most popular neuron in the network and the other neurons. The most popular neuron is the neuron with the largest number of associated objects. If the distance is greater than a selected threshold, all objects associated with that neuron are marked as anomalies.
This work describes the results of applying the third method, which the authors propose.
The results presented show great potential for applying SOM to anomaly detection.
The authors hope that the results obtained will lead to further research into methods of applying SOM.
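The third method can be sketched as follows. This is an added example, not the authors' code: it assumes a 1-D map of four neurons, the plain winner-takes-all update with no neighbourhood function, Euclidean distance as the distance measure, and a constructed data set; all function names are hypothetical.

```python
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def bmu(weights, x):
    """Index of the best-matching unit (the 'winner') for object x."""
    return min(range(len(weights)), key=lambda j: dist(weights[j], x))

def train_wta(data, n_neurons, epochs=30, lr0=0.5):
    """Train a 1-D map with the plain winner-takes-all rule (assumed variant)."""
    dims = range(len(data[0]))
    lo = [min(p[d] for p in data) for d in dims]
    hi = [max(p[d] for p in data) for d in dims]
    # Deterministic init: neurons spread evenly across the data range.
    weights = [[lo[d] + (hi[d] - lo[d]) * j / (n_neurons - 1) for d in dims]
               for j in range(n_neurons)]
    for epoch in range(epochs):
        lr = lr0 * (1 - epoch / epochs)  # linearly decaying learning rate
        for x in data:
            w = weights[bmu(weights, x)]  # only the winner is moved
            for d in dims:
                w[d] += lr * (x[d] - w[d])
    return weights

def detect_by_distance(data, weights, threshold):
    """Method three: flag objects whose neuron lies farther than `threshold`
    from the most popular neuron (the one with the most associated objects)."""
    members = {j: [] for j in range(len(weights))}
    for i, x in enumerate(data):
        members[bmu(weights, x)].append(i)
    popular = max(members, key=lambda j: len(members[j]))
    anomalies = []
    for j, idxs in members.items():
        if dist(weights[j], weights[popular]) > threshold:
            anomalies.extend(idxs)
    return popular, sorted(anomalies)

# Constructed sample: 37 "normal" feature vectors near (1, 1), 3 outliers near (9, 9).
DATA = [(1 + 0.05 * (i % 5), 1 + 0.05 * (i // 5 % 5)) for i in range(40)]
for i, p in ((7, (9.0, 9.1)), (19, (9.2, 8.9)), (33, (8.8, 9.0))):
    DATA[i] = p

if __name__ == "__main__":
    w = train_wta(DATA, n_neurons=4)
    print(detect_by_distance(DATA, w, threshold=3.0))
```

The threshold controls sensitivity: raising it above the largest inter-neuron distance flags nothing, so in practice it has to be chosen from the spread of neuron distances on known-clean data.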
Pages: 67-72