Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Informatik 2014 P-232, 913-924 (2014).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


A comprehensive model for revealing anomaly in network data flow

Maher Salem and Ulrich Buehler


Large computer and communication networks generate massive data flows. The difficulty of analyzing and managing these data in network security degrades the online detection of intrusions and suspicious connections. To overcome this problem, we present a comprehensive model that handles the traffic of computer networks and uncovers intrusions in real time. The model consists of a dataset generator and an intrusion detector. The dataset generator captures, analyzes and manages the live traffic using a dynamic queuing concept. It continuously constructs connection vectors from the live traffic and exports them either as datasets or sequentially into a pipe for further processing. The intrusion detector is based on an enhanced growing hierarchical self-organizing map, which classifies the exported vectors as normal, anomalous or unknown connections. The model has been evaluated using synthetic and realistic data sources. It is able to process data flows within significant time and classifies the connections effectively in online mode.

ISBN 978-3-88579-626-8

Last changed 18.11.2014 21:17:40