Network traffic classification with SELF ORGANIZING MAPS


KIZILÖREN T., GERMEN E.

22nd International Symposium on Computer and Information Sciences, Ankara, Türkiye, 7 - 09 November 2007, pp.147-148

  • Publication Type: Conference Paper / Full Text Paper
  • DOI Number: 10.1109/iscis.2007.4456852
  • City of Publication: Ankara
  • Country of Publication: Türkiye
  • Pages: pp.147-148
  • Keywords: component, network traffic, classification, intrusion detection, anomaly detection, SNMP, SOM, self organizing maps, neural networks
  • Anadolu University Affiliated: Yes

Abstract

Anomaly detection in network traffic is one of the most challenging topics in the study of computer science and networking. This paper introduces a classification method for analyzing network traffic behavior. In order to distinguish normal traffic from well-known anomalies such as port scanning and DoS attacks, Self Organizing Maps (SOMs), one of the well-known artificial neural network architectures, are used. Traffic is measured using the Simple Network Management Protocol (SNMP). In this work, a SOM-based classifier is proposed to discriminate three types of network traffic: port scanning, heavy download, and the rest. It is worth mentioning that impressively satisfactory results have been obtained. The method has also been enhanced to obtain better results by trying to find trajectories on the map by sliding the input vectors in time, and an alarm mechanism has been developed. Here it is possible to detect whether consecutive trajectories are hit by one of the classes or not. The success rate of the system is close to certain.