A Self-Organizing Map and Its Modeling for Discovering Malignant Network Traffic
Model-based intrusion detection and knowledge discovery are combined to cluster and classify P2P botnet traffic and other malignant network activity by using a Self-Organizing Map (SOM) self-trained on denied Internet firewall log entries. The SOM analyzed new firewall log entries in a case study to classify similar network activity, and discovered previously unknown local P2P bot traffic and other security issues.
MSU Digital Commons Citation
Langin, Chet; Zhou, Hongbo; Rahimi, Shahram; Gupta, Bidyut; Zargham, Mehdi; and Sayeh, Mohammad R., "A Self-Organizing Map and Its Modeling for Discovering Malignant Network Traffic" (2009). Department of Computer Science Faculty Scholarship and Creative Works. 67.