Abstract

In this paper we describe an implementation of a network based Intrusion Detection System (IDS) using Self-Organizing Maps (SOM). The system uses a structured SOM to classify real-time Ethernet network data. A graphical tool continuously displays the clustered data to reflect network activities. Different system parameters such as data collection, data preprocessing and classifier structure are discussed. The systems shows promise in its ability to classify regular v.s. irregular and possibly intrusive network traffic for a given host.