A UNIX Anomaly Detection System using Self-Organising Maps

12/1/98




Table of Contents

A UNIX Anomaly Detection System using Self-Organising Maps

The Structure of the Presentation

Introduction: Research Motivation Why Intrusion Detection?

Definition: Intrusion

Some Types of Intrusions

How to Find Intruders?

Security System Components Javitz (1992)

Our Objectives

The Anomaly Detection System

Data Gathering and Processing

Properties of the Self Organising Map

The Kohonen Self Organising Map (SOM)

The SOM Algorithm

User Behaviour Visualisation

Example: User 42

Analysis of Map for User 42

Feature Planes For SOM on slide 15

PPT Slide

Automatic Anomaly Detection

Example: Anomaly Report

The Visualisation Map of User 8

The Yesterday (Y1) Data for User 8

The Visualisation Map of User 48

The Yesterday (Y1) Data for User 48

An Interesting Example

Results

PPT Slide

Author: Albert Höglund