A UNIX Anomaly Detection System using Self-Organising Maps

The Structure of the Presentation

Introduction: Research Motivation Why Intrusion Detection?

Definition: Intrusion

Some Types of Intrusions

How to Find Intruders?

Security System Components Javitz (1992)

Our Objectives

The Anomaly Detection System

Data Gathering and Processing

Properties of the Self Organising Map

The Kohonen Self Organising Map (SOM)

The SOM Algorithm

User Behaviour Visualisation

Example: User 42

Analysis of Map for User 42

Feature Planes For SOM on slide 15

PPT Slide

Automatic Anomaly Detection

Example: Anomaly Report

The Visualisation Map of User 8

The Yesterday (Y1) Data for User 8

The Visualisation Map of User 48

The Yesterday (Y1) Data for User 48

An Interesting Example


PPT Slide