Abstract
Model-based intrusion detection and knowledge discovery are combined to cluster and classify P2P botnet traffic and other malignant network activity by using a Self-Organizing Map (SOM) self-trained on denied Internet firewall log entries. The SOM analyzed new firewall log entries in a case study to classify similar network activity, and discovered previously unknown local P2P bot traffic and other security issues.
| Original language | English |
|---|---|
| Title of host publication | 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings |
| DOIs | |
| State | Published - 20 Jul 2009 |
| Event | 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Nashville, TN, United States Duration: 30 Mar 2009 → 2 Apr 2009 |
Publication series
| Name | 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings |
|---|
Conference
| Conference | 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 |
|---|---|
| Country | United States |
| City | Nashville, TN |
| Period | 30/03/09 → 2/04/09 |
Fingerprint
Cite this
Langin, C., Zhou, H., Rahimi, S., Gupta, B., Zargham, M., & Sayeh, M. R. (2009). A self-organizing map and its modeling for discovering malignant network traffic. In 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings [4925099] (2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings). https://doi.org/10.1109/CICYBS.2009.4925099