26.8 CENTRALIZED ATTACK DETECTION

Neural networks are known to be a very powerful tool for detecting anomalous network traffic in high-performance networks. One class of neural networks that has been used extensively for intrusion detection and attack detection is the self-organizing map (SOM). A SOM is a nonlinear, ordered, smooth mapping of high-dimensional input data manifolds onto the elements of a regular, low-dimensional array [20]. From an intrusion detection perspective, the resulting geometric map of neurons depicts patterns of actual network traffic flow. By constructing a lattice mapping of higher-dimensional data, the SOM facilitates visualization and subsequent analysis of the data required for detecting anomalies in network traffic. The SOM algorithm is topology preserving in nature, that is, input pattern vectors that are close to each other in terms of similarity are mapped onto neurons that lie in close proximity to each other on the map [12]. This characteristic of the SOM neural network makes it more practical for accurate differentiation between normal and anomalous network behavior. Several SOM-based intrusion detection schemes have been proposed in Refs [11, 12]. In wireless sensor networks, self-organizing maps have been introduced for generation of optimal data-aggregation trees [13] and context classification [2].
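The mapping described above can be made concrete with a small SOM trained on normal traffic only, which then scores new samples by their distance to the best-matching neuron. This is an added example, not code from the book: the three feature names, the sample vectors, the grid size and the threshold rule (1.5 times the worst training error) are all assumptions chosen for illustration.

```python
import math
import random

def bmu(som, x):
    """Best-matching unit: (lattice position, distance from x to its weights)."""
    return min(((pos, math.dist(w, x)) for pos, w in som.items()), key=lambda t: t[1])

def train_som(data, rows=4, cols=4, epochs=40, lr0=0.5, seed=1):
    """Online SOM training; returns {(row, col): weight vector}."""
    rng = random.Random(seed)
    dim = len(data[0])
    som = {(r, c): [rng.random() for _ in range(dim)]
           for r in range(rows) for c in range(cols)}
    for epoch in range(epochs):
        decay = 1.0 - epoch / epochs
        lr = lr0 * decay                             # learning rate shrinks
        sigma = 0.5 + (max(rows, cols) / 2) * decay  # so does the neighbourhood
        for x in rng.sample(data, len(data)):
            (br, bc), _ = bmu(som, x)
            for (r, c), w in som.items():
                # Lattice neighbours of the winner move with it, which is
                # what makes the map topology preserving.
                h = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * sigma ** 2))
                for i in range(dim):
                    w[i] += lr * h * (x[i] - w[i])
    return som

def fit_threshold(som, data, margin=1.5):
    """Assumed rule: margin times the worst quantization error on training data."""
    return margin * max(bmu(som, x)[1] for x in data)

def is_anomalous(som, threshold, x):
    return bmu(som, x)[1] > threshold

# Constructed sample data: three traffic features scaled to [0, 1]
# (packet rate, mean packet size, SYN fraction); two normal operating modes.
_rng = random.Random(7)
MODES = [(0.2, 0.5, 0.1), (0.6, 0.8, 0.05)]
NORMAL = [[min(1.0, max(0.0, m + _rng.gauss(0, 0.03))) for m in mode]
          for mode in MODES for _ in range(100)]
FLOOD = [0.95, 0.1, 0.9]   # constructed outlier: high rate, small packets, mostly SYN

SOM = train_som(NORMAL)
THRESHOLD = fit_threshold(SOM, NORMAL)

if __name__ == "__main__":
    for label, x in [("normal", list(MODES[0])), ("flood", FLOOD)]:
        pos, err = bmu(SOM, x)
        print(f"{label}: unit={pos} error={err:.3f} anomalous={is_anomalous(SOM, THRESHOLD, x)}")
```

Because the map is fitted to normal traffic only, a sample far from every neuron has no nearby pattern on the lattice, and its quantization error is what separates it from normal behavior.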

Figure 26.5 SOM overlay on base station.

We propose ...
