Title :
A computer host-based user anomaly detection system using the self-organizing map
Author :
Hoglund, Albert J. ; Hatonen, Kimmo ; Sorvar, Antti S.
Author_Institution :
Nokia Res. Center, Finland
Abstract :
Computer systems are vulnerable to abuse by insiders and to penetration by outsiders. The amount of monitoring data generated in computer networks is enormous. Tools are needed to ease the work of system operators. Anomaly detection attempts to recognize abnormal behavior to detect intrusions. A prototype UNIX anomaly detection system has been constructed. The system is host-based and monitors computer network host users. The system contains an automatic anomaly detection component. This component uses a test based on the self-organizing map to test if user behavior is anomalous. Both the test and the application are presented
Keywords :
computer networks; security of data; self-organising feature maps; abnormal behavior; abuse; anomalous behaviour; computer host-based user anomaly detection system; intrusion detection; self-organizing map; Automatic testing; Clustering algorithms; Computer displays; Computer network management; Computer networks; Computerized monitoring; Data visualization; Information security; Intrusion detection; Prototypes;
Conference_Titel :
Neural Networks, 2000. IJCNN 2000, Proceedings of the IEEE-INNS-ENNS International Joint Conference on
Conference_Location :
Como
Print_ISBN :
0-7695-0619-4
DOI :
10.1109/IJCNN.2000.861504
