8,730 research outputs found

    Anomaly Detection in Ethernet Networks Using Self Organising Maps

    The network is a highly vulnerable venture for any organization that needs to have a set of computers for its work and needs to communicate among them. Any large organization that sets up a network needs a basic Ethernet or wireless framework for transferring data. Nevertheless, the security concern of the organization creeps in, and the computers storing the highly sensitive data need to be safeguarded. The threat to the network comes from the internal network as well as the external network. The amount of monitoring data generated in computer networks is enormous. Tools are needed to ease the work of system operators. Anomaly detection attempts to recognize abnormal behavior to detect intrusions. We have concentrated on designing a prototype UNIX Anomaly Detection System. Neural networks are tolerant of imprecise data and uncertain information. We worked to devise a tool for detecting such intrusions into the network. The tool uses machine learning approaches and clustering techniques like the Self Organizing Map and compares it with the k-means approach. Our system is described as applying a hierarchical unsupervised neural network to an intrusion detection system. The network connection is characterized by six parameters and specified as a six-dimensional vector. The self-organizing map creates a two-dimensional lattice of neurons for each network service. During real-time analysis, network features are fed to the neural network and a winner is selected by finding the neuron that is closest in distance to it. The network is then classified as an intrusion if the distance is more than a preset threshold. The evaluation of this approach will be based on data sets provided by the Defense Advanced Research Projects Agency (DARPA) IDS evaluation in 1999.

    Intelligent Anomaly Detection of Machine Tools based on Mean Shift Clustering

    For fault detection of machine tools, fixed intervention thresholds are usually necessary. In order to provide autonomous anomaly detection without the need for fixed limits, recurring patterns must be detected in the signal data. This paper presents an approach for online pattern recognition on NC code based on mean shift clustering that will be matched with drive signals. The intelligent fault detection system learns individual intervention thresholds based on the prevailing machining patterns. Using a self-organizing map, data captured during the machine's operation are assigned to a normal or malfunction state.

    Malware classification using self organising feature maps and machine activity data

    In this article we use machine activity metrics to automatically distinguish between malicious and trusted portable executable software samples. The motivation stems from the growth of cyber attacks using techniques that have been employed to surreptitiously deploy Advanced Persistent Threats (APTs). APTs are becoming more sophisticated and able to obfuscate many of their identifiable features through encryption, custom code bases and in-memory execution. Our hypothesis is that we can produce a high degree of accuracy in distinguishing malicious from trusted samples using Machine Learning with features derived from the inescapable footprint left behind on a computer system during execution. This includes CPU, RAM, Swap use and network traffic at a count level of bytes and packets. These features are continuous and allow us to be more flexible with the classification of samples than discrete features such as API calls (which can also be obfuscated) that form the main feature of the extant literature. We use these continuous data and develop a novel classification method using Self Organizing Feature Maps to reduce overfitting during training through the ability to create unsupervised clusters of similar 'behaviour' that are subsequently used as features for classification, rather than using the raw data. We compare our method to a set of machine classification methods that have been applied in previous research and demonstrate an increase of between 7.24% and 25.68% in classification accuracy using our method and an unseen dataset over the range of other machine classification methods that have been applied in previous research.