IDS Based on Bio-Inspired Models

Unsupervised projection approaches can support Intrusion Detection Systems for computer network security. The involved technologies assist a network manager in detecting anomalies and potential threats by an intuitive display of the progression of network traffic. Projection methods operate as smart compression tools and map raw, high-dimensional traffic data into 2-D or 3-D spaces for subsequent graphical display. The paper compares three projection methods, namely, Cooperative Maximum Likelihood Hebbian Learning, Auto-Associative Back-Propagation networks and Principal Component Analysis. Empirical tests on anomalous situations related to the Simple Network Management Protocol (SNMP) confirm the validity of the projection-based approach. One of these anomalous situations (the SNMP community search) is faced by these projection models for the first time. This work also highlights the importance of the time-information dependence in the identification of anomalous situations in the case of the applied methods.