Improving the Performance of Self-Organizing Maps for Intrusion Detection

James D. Cannady; Steven McElwee

doi:10.1109/SECON.2016.7506766

Improving the Performance of Self-Organizing Maps for Intrusion Detection

James D. Cannady
, Steven McElwee

Research output: Contribution to journal › Article › peer-review

10 Scopus citations

Abstract

The use of self-organizing maps in intrusion detection has not been practical for attack analysis as a result of the computational processing time required for large volumes of data. Although previous research has addressed this problem through optimizing the algorithms used for self-organizing maps and through feature reduction, there is no existing solution for using self-organizing maps for intrusion detection that adequately addresses the problem of computational performance to make self-organizing maps practical for analysis of intrusion detection data. This research demonstrates a method of preprocessing that includes discretization, deduplication, binary filtering for imbalanced datasets, and feature extraction to improve the performance and optimize the quality of clustering in self-organizing maps.

Original language	American English
Journal	SoutheastCon 2016
DOIs	https://doi.org/10.1109/SECON.2016.7506766
State	Published - Jan 1 2016

Keywords

KDD CCUP 99
binary classification
binary filtering
consensus neural networks
feature extraction
independent component analysis
intrusion detection
principal component analysis
self-organizing maps

Disciplines

Computer Sciences

Access to Document

10.1109/SECON.2016.7506766License: Unspecified

Cite this

@article{49d1beb55fc04ca4a96af74c743ccbba,

title = "Improving the Performance of Self-Organizing Maps for Intrusion Detection",

abstract = " The use of self-organizing maps in intrusion detection has not been practical for attack analysis as a result of the computational processing time required for large volumes of data. Although previous research has addressed this problem through optimizing the algorithms used for self-organizing maps and through feature reduction, there is no existing solution for using self-organizing maps for intrusion detection that adequately addresses the problem of computational performance to make self-organizing maps practical for analysis of intrusion detection data. This research demonstrates a method of preprocessing that includes discretization, deduplication, binary filtering for imbalanced datasets, and feature extraction to improve the performance and optimize the quality of clustering in self-organizing maps.",

keywords = "KDD CCUP 99, binary classification, binary filtering, consensus neural networks, feature extraction, independent component analysis, intrusion detection, principal component analysis, self-organizing maps",

author = "Cannady, \{James D.\} and Steven McElwee",

year = "2016",

month = jan,

day = "1",

doi = "10.1109/SECON.2016.7506766",

language = "American English",

journal = "SoutheastCon 2016",

}

TY - JOUR

T1 - Improving the Performance of Self-Organizing Maps for Intrusion Detection

AU - Cannady, James D.

AU - McElwee, Steven

PY - 2016/1/1

Y1 - 2016/1/1

N2 - The use of self-organizing maps in intrusion detection has not been practical for attack analysis as a result of the computational processing time required for large volumes of data. Although previous research has addressed this problem through optimizing the algorithms used for self-organizing maps and through feature reduction, there is no existing solution for using self-organizing maps for intrusion detection that adequately addresses the problem of computational performance to make self-organizing maps practical for analysis of intrusion detection data. This research demonstrates a method of preprocessing that includes discretization, deduplication, binary filtering for imbalanced datasets, and feature extraction to improve the performance and optimize the quality of clustering in self-organizing maps.

AB - The use of self-organizing maps in intrusion detection has not been practical for attack analysis as a result of the computational processing time required for large volumes of data. Although previous research has addressed this problem through optimizing the algorithms used for self-organizing maps and through feature reduction, there is no existing solution for using self-organizing maps for intrusion detection that adequately addresses the problem of computational performance to make self-organizing maps practical for analysis of intrusion detection data. This research demonstrates a method of preprocessing that includes discretization, deduplication, binary filtering for imbalanced datasets, and feature extraction to improve the performance and optimize the quality of clustering in self-organizing maps.

KW - KDD CCUP 99

KW - binary classification

KW - binary filtering

KW - consensus neural networks

KW - feature extraction

KW - independent component analysis

KW - intrusion detection

KW - principal component analysis

KW - self-organizing maps

UR - https://nsuworks.nova.edu/gscis_facarticles/443

U2 - 10.1109/SECON.2016.7506766

DO - 10.1109/SECON.2016.7506766

M3 - Article

JO - SoutheastCon 2016

JF - SoutheastCon 2016

ER -

Improving the Performance of Self-Organizing Maps for Intrusion Detection

Abstract

Keywords

Disciplines

Access to Document

Other files and links

Fingerprint

Cite this