Neural networks play a vital role in contemporary intrusion detection systems. This paper presents a framework for an anomaly-based, host-level intrusion detection system that uses a category of neural networks called the self-organizing map (SOM). The proposed work takes a different perspective on intrusion detection by applying data mining techniques to host-behavior data in order to detect intrusions. The behavior of the system is defined in terms of a "behavior set" rather than a single parameter. This allows the behavior of the system to be described more accurately and helps reduce false positives. The unlabelled data is processed using a SOM, which is trained by an unsupervised learning algorithm, namely "simple competitive learning". Unsupervised learning enables the SOM to detect new and novel attacks.
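The following sketch is an added illustration, not code from the paper: it trains a small map with winner-only competitive learning on unlabelled "normal" behavior vectors and flags a host sample whose distance to its winning unit exceeds a threshold. The four features, the constructed sample data, the map size, the absence of a neighbourhood function and the thresholding rule are all assumptions made for the example.

```python
import math
import random

# Constructed "behavior set": (CPU load, logins/hour, file writes/min,
# outbound connections/min), each scaled to 0..1. The features are an
# assumption for illustration; the abstract does not list the paper's set.
MODES = [(0.2, 0.1, 0.2, 0.1),   # idle host
         (0.6, 0.2, 0.5, 0.3)]   # busy working hours

def make_normal(n=200, seed=0):
    rng = random.Random(seed)
    return [[min(1.0, max(0.0, m + rng.gauss(0, 0.03)))
             for m in rng.choice(MODES)] for _ in range(n)]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def bmu(units, x):
    """Index of the winning (best-matching) unit for sample x."""
    return min(range(len(units)), key=lambda i: dist(units[i], x))

def train(data, n_units=4, epochs=20, lr0=0.5, seed=1):
    """Simple competitive learning: only the winner moves toward the sample."""
    rng = random.Random(seed)
    units = [list(x) for x in rng.sample(data, n_units)]  # initialise from data
    for epoch in range(epochs):
        lr = lr0 * (1 - epoch / epochs)                   # decaying step size
        for x in rng.sample(data, len(data)):             # shuffled pass
            w = units[bmu(units, x)]
            for j in range(len(w)):
                w[j] += lr * (x[j] - w[j])
    return units

def score(units, x):
    """Quantization error: distance from x to its winning unit."""
    return dist(units[bmu(units, x)], x)

def fit_threshold(units, data, margin=2.0):
    # Alert threshold: a margin above the worst error seen on normal data.
    return margin * max(score(units, x) for x in data)

def is_anomalous(units, threshold, x):
    return score(units, x) > threshold

if __name__ == "__main__":
    normal = make_normal()
    units = train(normal)
    thr = fit_threshold(units, normal)
    for x in ([0.21, 0.10, 0.19, 0.12], [0.30, 0.90, 0.20, 0.95]):
        print(x, round(score(units, x), 3), is_anomalous(units, thr, x))
```

Because no labels are used, the second sample is flagged only because it lies far from every learned unit, which is the property the abstract relies on for detecting previously unseen attacks.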