Network traffic classification with Self Organizing Maps


KIZILÖREN T., GERMEN E.

22nd International Symposium on Computer and Information Sciences, Ankara, Turkey, 7 - 09 November 2007, pp.147-148

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/iscis.2007.4456852
  • City: Ankara
  • Country: Turkey
  • Page Numbers: pp.147-148
  • Keywords: component, network traffic, classification, intrusion detection, anomaly detection, SNMP, SOM, self organizing maps, neural networks
  • Anadolu University Affiliated: Yes

Abstract

Anomaly detection in network traffic is one of the most challenging topics in the study of computer science and networking. This paper introduces a classification method for analyzing network traffic behavior. In order to distinguish normal traffic from well-known anomalies such as port scanning and DoS attacks, Self Organizing Maps (SOMs), one of the well-known artificial neural network architectures, are used. Traffic is measured using the Simple Network Management Protocol (SNMP). In this work, a SOM-based classifier is proposed to discriminate three types of network traffic: port scanning, heavy download, and the rest. It is worth mentioning that impressively satisfactory results have been obtained. The method has also been enhanced to obtain better results by trying to find trajectories on the map by sliding the input vectors in time, and an alarm mechanism has been developed. Here it is possible to detect whether consecutive trajectories are hit by one of the classes or not. The success rate of the system is close to certainty.