Comments

Published in Langin, C., Zhou, H., Rahimi, S., Zargham, M., & Gupta, B. (2009). A self-organizing map and its modeling for discovering malignant network traffic. IEEE Symposium on Computational Intelligence in Cyber Security, 2009. CICS '09, 122-129. doi: 10.1109/CICYBS.2009.4925099 ©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Abstract

Model-based intrusion detection and knowledge discovery are combined to cluster and classify P2P botnet traffic and other malignant network activity by using a Self-Organizing Map (SOM) self-trained on denied Internet firewall log entries. The SOM analyzed new firewall log entries in a case study to classify similar network activity, and discovered previously unknown local P2P bot traffic and other security issues.

Share

COinS