Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection 


Vol. 12, No. 5, pp. 649-658, Oct. 2005
10.3745/KIPSTC.2005.12.5.649


  Abstract

Because network-based attacks cause extensive real-world damage, it is very important to detect intrusions quickly, at an early stage. However, intrusion detection using supervised learning requires either preprocessing an enormous amount of data or analysis by a manager. It also has two difficulties in detecting abnormal traffic: the manager's analysis might be incorrect, and real-time detection might be missed. In this paper, we propose a traffic attributes correlation analysis mechanism based on self-organizing maps (SOM) for real-time intrusion detection. The proposed mechanism has three steps. First, unsupervised learning builds map clusters composed of similar traffic. Second, each map cluster is labeled to divide the map into normal traffic and abnormal traffic. In this step there is a rule that is created through correlation analysis with the SOM. Finally, the mechanism performs real-time detection and updates gradually. In a large number of experiments, the proposed mechanism, which combines unsupervised learning and supervised learning, showed better performance in real-time intrusion detection than supervised learning.



  Cite this article

[IEEE Style]

K. A. Hwang, H. Y. Oh, J. Y. Lim, K. J. Chae, J. C. Nah, "Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection," The KIPS Transactions:PartC, vol. 12, no. 5, pp. 649-658, 2005. DOI: 10.3745/KIPSTC.2005.12.5.649.

[ACM Style]

Kyoung Ae Hwang, Ha Young Oh, Ji Young Lim, Ki Joon Chae, and Jung Chan Nah. 2005. Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection. The KIPS Transactions:PartC, 12, 5, (2005), 649-658. DOI: 10.3745/KIPSTC.2005.12.5.649.