Files
ohiou1113833809.pdf (1.31 MB)
Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps
Author Info
Sawant, Ankush
Permalink:
http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1113833809
Abstract Details
Year and Degree
2005, Master of Science (MS), Ohio University, Electrical Engineering & Computer Science (Engineering and Technology).
Abstract
Anomaly-based intrusion detection systems identify intrusions by monitoring network traffic for abnormal behavior. Integrated Network-Based Ohio University Network Detective Service (INBOUNDS) is an anomaly-based intrusion detection system being developed at Ohio University. The Multiple Self-organizing map based Intrusion Detection System (MSIDS) module for INBOUNDS analyzes the time-based behavior of normal network connections for anomalies, using the Self-Organizing Map (SOM) algorithm. The MSIDS module builds profiles of normal network behavior by characterizing the network traffic with four parameters. A SOM, developed for each time interval, captures the characteristic network behavior for that time interval using the four parameters. This approach achieves better characterization of normal network behavior, leading to better intrusion detection capability. During real-time operation, the four-dimensional vectors, representing the attack connection for the time intervals, are fed into respective trained SOMs. For each input vector in the four-dimensional space, a “winner” neuron is determined. If the distance between the input vector and the winner neuron for any SOM is greater than a certain threshold value, the MSIDS module classifies the network connection as an intrusion. Moreover, detecting the attack in early stages of the connection leads to near real-time response to intrusions.
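The detection rule described in the abstract, sketched as an added example (not code from the thesis or from INBOUNDS): one SOM is trained per time interval on normal four-dimensional vectors, and a connection is flagged as soon as any interval's vector lies farther than a threshold from its winner neuron. The 1-D neuron layout, the three intervals, the sample vectors and the threshold value are assumptions; the abstract does not name the four parameters, so the values are generic.

```python
import math
import random

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def winner(som, v):
    """Index of the neuron closest to v (the "winner" neuron)."""
    return min(range(len(som)), key=lambda i: dist(som[i], v))

def train_som(samples, n_neurons=6, epochs=30, seed=0):
    """Train a 1-D SOM (chain of neurons) on 4-D vectors of normal traffic."""
    rng = random.Random(seed)
    som = [list(rng.choice(samples)) for _ in range(n_neurons)]
    for epoch in range(epochs):
        frac = 1.0 - epoch / epochs  # learning rate and radius shrink over time
        lr, radius = 0.5 * frac, max(0.5, (n_neurons / 2) * frac)
        for v in rng.sample(samples, len(samples)):
            w = winner(som, v)
            for i, neuron in enumerate(som):
                h = math.exp(-((i - w) ** 2) / (2 * radius ** 2))
                for d in range(len(v)):
                    neuron[d] += lr * h * (v[d] - neuron[d])
    return som

def classify(soms, connection, threshold):
    """connection holds one 4-D vector per time interval.
    Returns (is_intrusion, first_anomalous_interval)."""
    for t, (som, v) in enumerate(zip(soms, connection)):
        if dist(som[winner(som, v)], v) > threshold:
            return True, t  # flagged early, before later intervals are seen
    return False, None

# Constructed data: normal behaviour drifts across three time intervals.
CENTERS = [(0.2, 0.2, 0.1, 0.3), (0.5, 0.4, 0.3, 0.5), (0.8, 0.6, 0.5, 0.7)]
THRESHOLD = 0.15  # assumed value; the abstract only says "a certain threshold"

def build_soms(seed=1):
    rng = random.Random(seed)
    return [train_som([[x + rng.uniform(-0.05, 0.05) for x in c]
                       for _ in range(60)]) for c in CENTERS]

SOMS = build_soms()
NORMAL_CONN = [list(c) for c in CENTERS]
ATTACK_CONN = [list(CENTERS[0]), [0.5, 0.9, 0.3, 0.5], [0.8, 0.6, 0.5, 0.1]]

if __name__ == "__main__":
    print(classify(SOMS, NORMAL_CONN, THRESHOLD))  # (False, None)
    print(classify(SOMS, ATTACK_CONN, THRESHOLD))  # (True, 1)
```

Because a separate map is kept per interval, a vector that is normal for one interval can still be flagged in another, which a single map over all intervals would miss.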
Committee
Carl Bruggeman (Advisor)
Pages
82 p.
Keywords
Network Security; Intrusion Detection; Self-Organizing Maps; Anomaly Detection
Recommended Citations
Citations
APA Style (7th edition): Sawant, A. (2005). Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps [Master's thesis, Ohio University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1113833809
MLA Style (8th edition): Sawant, Ankush. Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps. 2005. Ohio University, Master's thesis. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1113833809.
Chicago Manual of Style (17th edition): Sawant, Ankush. "Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps." Master's thesis, Ohio University, 2005. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1113833809
Document number: ohiou1113833809
Download Count: 1,276
Copyright Info
© 2005, all rights reserved.
This open access ETD is published by Ohio University and OhioLINK.