Anomaly Detection with Self-Organizing Maps and Effects of Principal Component Analysis on Feature Vectors

Network anomaly detection is the problem of scrutinizing of unauthorized use of computer systems over a network. In literature there are plenty different methods produced for detecting network anomalies and the process of anomaly detection is one of the major topics that computer science is working on. In this work, a classification method is introduced to perform this discrimination based on self organizing network (SOM) classifier. Also, rather than proving well-known abilities of SOM on classification, our main concern in this work was investigating effects of principal component analysis on quality of feature vectors. In order to signify the power of success, KDD Cup 1999 dataset is used. KDD Cup dataset is a common benchmark for evaluation of intrusion detection techniques. The dataset consists of several components and here, it is used `10% corrected´ test dataset. Since the feature vectors obtained from the dataset have prominent impact of success on the method, the usage of PCA and a method of choosing reliable components are introduced. At the end it is mentioned that the success of decision by the proposed method has been improved. In order to clarify this improvement, a detailed comparison of changing number of principal components on the success of decision mechanism is given.