自己組織化マップを用いた不正アクセス検知(一般講演B,自己組織化マップ)

抄録

In this article, we introduce a method of intrusion detection based on self-organizing maps (SOM). As learning cost, we made input vectors from Snort, which is an open source intrusion detection system (IDS). Snort has detection rules as signature files. There are two approaches in IDS : Misuse Intrusion Detection (MID) and Anomaly Intrusion Detection (AID). We inspect our method to be sure that it can detect distributed denial of service (DDoS) attacks which MID can't detect. In the result, it can't detect all of them, but can detect subspecies of known attacks. So, the maps are available for detecting unknown attacks especially DDoS. We will implement our method into Snort or other software, and verify detecting behavior.