TRANSCRIPT
Intelligent Database Systems Lab
Presenter: Yan-Shou Sie
Authors: E.J. Palomo, J. North, D. Elizondo, R.M. Luque, T. Watson
2012, NN
Application of growing hierarchical SOM for visualisation of network forensics traffic data

Outlines
• Motivation
• Objectives
• Methodology
• Experiments
• Conclusions
• Comments

Motivation
• In the age of information explosion, the volume of network packets is so large that network attack patterns are difficult to find, and the anomalous data within those patterns are hard to identify.

Objectives
• We use the GHSOM to find network attack patterns, which has the following advantages:
  – A visualisation technique is more intuitive and understandable.
  – Network attack patterns are easier to find and judge.

Methodology
• Growing hierarchical self-organising map
  – consists of several growing SOMs arranged in layers
  – quantitative features
  – qualitative features

Methodology
• GHSOM flow charts

Methodology
• Euclidean distance
• quantisation error
• hierarchical growth controlled

Methodology
• winning neuron of the map
• weight vector update
• map growth controlled
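The two Methodology slides above list the GHSOM ingredients (Euclidean distance, quantisation error, winning neuron, weight vector update, map growth control and hierarchical growth control) without showing how they fit together. The Python below is an added example written for this page, not code from the paper or the presenter: a minimal GHSOM in pure Python, run on a constructed two-cluster sample. The names GrowingSOM, build_ghsom and layer0_mqe, the learning-rate and neighbourhood schedule, the max_units and max_depth caps and the "at least two inputs before expanding" guard are all assumptions of this example; tau1 (horizontal growth) and tau2 (hierarchical growth) are the usual GHSOM thresholds.

```python
import math
import random

def euclidean(a, b):
    """Euclidean distance between two equal-length vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def mean_vector(vectors):
    """Component-wise mean of a non-empty list of vectors."""
    return [sum(v[k] for v in vectors) / len(vectors) for k in range(len(vectors[0]))]

class GrowingSOM:
    """One rectangular SOM layer that can insert rows or columns while training."""

    def __init__(self, dim, rows=2, cols=2, seed=0):
        self.rng = random.Random(seed)
        self.dim, self.rows, self.cols = dim, rows, cols
        self.weights = {(r, c): [self.rng.random() for _ in range(dim)]
                        for r in range(rows) for c in range(cols)}

    def winner(self, x):
        """Winning neuron: the unit whose weight vector is closest (Euclidean) to x."""
        return min(self.weights, key=lambda u: euclidean(self.weights[u], x))

    def train(self, data, epochs=30, alpha0=0.5, sigma0=1.0):
        """Weight vector update: the winner and its grid neighbours move towards x;
        learning rate alpha and neighbourhood radius sigma shrink every epoch (assumed schedule)."""
        order = list(range(len(data)))
        for e in range(epochs):
            frac = 1.0 - e / epochs
            alpha, sigma = alpha0 * frac, max(sigma0 * frac, 0.05)
            self.rng.shuffle(order)
            for i in order:
                x = data[i]
                wr, wc = self.winner(x)
                for (r, c), w in self.weights.items():
                    h = math.exp(-((r - wr) ** 2 + (c - wc) ** 2) / (2 * sigma ** 2))
                    for k in range(self.dim):
                        w[k] += alpha * h * (x[k] - w[k])

    def assign(self, data):
        """Map every input to its winner: {unit: [inputs]} for occupied units only."""
        buckets = {}
        for x in data:
            buckets.setdefault(self.winner(x), []).append(x)
        return buckets

    def unit_mqe(self, data):
        """Mean quantisation error mqe_i of each occupied unit."""
        return {u: sum(euclidean(self.weights[u], x) for x in xs) / len(xs)
                for u, xs in self.assign(data).items()}

    def mqe(self, data):
        """MQE of the whole map: mean of mqe_i over occupied units."""
        errs = self.unit_mqe(data)
        return sum(errs.values()) / len(errs)

    def grow(self, data):
        """Map growth: insert a row or column between the unit with the largest mqe_i and
        its most dissimilar direct neighbour; the new weights are the two neighbours' means."""
        errs = self.unit_mqe(data)
        er, ec = max(errs, key=errs.get)
        nbrs = [(er + dr, ec + dc) for dr, dc in ((1, 0), (-1, 0), (0, 1), (0, -1))
                if (er + dr, ec + dc) in self.weights]
        nr, nc = max(nbrs, key=lambda u: euclidean(self.weights[u], self.weights[(er, ec)]))
        new = {}
        if nr != er:                                   # neighbour above/below: new row
            at = max(er, nr)
            for (r, c), w in self.weights.items():
                new[(r + (r >= at), c)] = w
            for c in range(self.cols):
                new[(at, c)] = mean_vector([new[(at - 1, c)], new[(at + 1, c)]])
            self.rows += 1
        else:                                          # neighbour left/right: new column
            at = max(ec, nc)
            for (r, c), w in self.weights.items():
                new[(r, c + (c >= at))] = w
            for r in range(self.rows):
                new[(r, at)] = mean_vector([new[(r, at - 1)], new[(r, at + 1)]])
            self.cols += 1
        self.weights = new

def layer0_mqe(data):
    """Quantisation error mqe_0 of the single layer-0 unit, i.e. the mean of all inputs."""
    m = mean_vector(data)
    return sum(euclidean(m, x) for x in data) / len(data)

def build_ghsom(data, tau1=0.5, tau2=0.1, parent_mqe=None, mqe0=None,
                depth=1, max_depth=3, max_units=16, seed=0):
    """Hierarchical growth control: a map grows until MQE < tau1 * (its parent unit's mqe);
    every unit with mqe_i > tau2 * mqe_0 gets a child map trained on its own inputs."""
    if mqe0 is None:
        mqe0 = parent_mqe = layer0_mqe(data)
    som = GrowingSOM(len(data[0]), seed=seed)
    som.train(data)
    while som.mqe(data) > tau1 * parent_mqe and som.rows * som.cols < max_units:
        som.grow(data)
        som.train(data)
    node = {"som": som, "children": {}}
    if depth < max_depth:
        buckets = som.assign(data)
        for u, err in som.unit_mqe(data).items():
            # requiring >= 2 inputs before expanding is a guard assumed here, not a GHSOM rule
            if err > tau2 * mqe0 and len(buckets[u]) >= 2:
                node["children"][u] = build_ghsom(buckets[u], tau1, tau2, err, mqe0,
                                                   depth + 1, max_depth, max_units, seed)
    return node

# Constructed 2-D sample: two tight groups standing in for two kinds of traffic behaviour.
DATA = [[0.08 + 0.01 * i, 0.12 - 0.01 * i] for i in range(5)] + \
       [[0.88 + 0.01 * i, 0.92 - 0.01 * i] for i in range(5)]
```

Calling `build_ghsom(DATA, tau1=0.5, tau2=0.01)` returns a tree whose root holds the layer-1 map and whose `children` dict maps each expanded unit to its layer-2 subtree; lowering tau1 forces wider maps, lowering tau2 forces deeper hierarchies, which is exactly the trade-off the flow chart on the slide controls.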

Experiments
• Feature extraction: captured packets → handling of missing values → feature selection
• Final feature subset
  – qualitative: IP source address, IP destination address, protocol type, source port
  – quantitative: date, time, packet length and delta time
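For the feature extraction pipeline on the Experiments slide above (captured packets, missing-value handling, feature selection, ending in four qualitative and four quantitative features), here is an added Python example, not code from the paper or the presenter, showing how packet records with exactly those fields can be turned into numeric vectors a SOM can consume. The packet records are constructed, and the choices of median imputation for a missing packet length, an "NA" category for a missing port, one-hot encoding for the qualitative fields and min-max scaling for the quantitative ones are assumptions of this example; the slide only names the features and states that missing values were handled.

```python
import datetime as dt
import statistics

# Constructed packet records (example data, not from the paper); the fields follow the
# slide's feature subset: qualitative src/dst/proto/sport, quantitative date/time/length.
PACKETS = [
    {"date": "2012-03-01", "time": "10:00:00.000", "src": "10.0.0.5", "dst": "10.0.0.9",
     "proto": "TCP", "sport": 51234, "length": 74},
    {"date": "2012-03-01", "time": "10:00:00.250", "src": "10.0.0.9", "dst": "10.0.0.5",
     "proto": "TCP", "sport": 80, "length": None},      # packet length missing
    {"date": "2012-03-01", "time": "10:00:01.000", "src": "10.0.0.7", "dst": "10.0.0.9",
     "proto": "UDP", "sport": 53, "length": 120},
    {"date": "2012-03-02", "time": "09:30:00.000", "src": "10.0.0.5", "dst": "10.0.0.9",
     "proto": "ICMP", "sport": None, "length": 98},     # ICMP carries no port
]
QUALITATIVE = ("src", "dst", "proto", "sport")

def timestamp(rec):
    """Combine the date and time fields into one datetime."""
    return dt.datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S.%f")

def add_delta_time(records):
    """Delta time = seconds since the previous packet in capture order (0.0 for the first)."""
    out, prev = [], None
    for rec in records:
        t = timestamp(rec)
        out.append(dict(rec, delta=0.0 if prev is None else (t - prev).total_seconds()))
        prev = t
    return out

def fill_missing(records):
    """Missing packet length -> median of the observed lengths; missing port -> its own
    category 'NA'. Both rules are assumptions; the slide only says missing values were handled."""
    median_len = statistics.median([r["length"] for r in records if r["length"] is not None])
    return [dict(r, length=median_len if r["length"] is None else r["length"],
                 sport="NA" if r["sport"] is None else r["sport"]) for r in records]

def one_hot_tables(records):
    """Category -> column index for each qualitative field, in order of first appearance."""
    tables = {f: {} for f in QUALITATIVE}
    for r in records:
        for f in QUALITATIVE:
            tables[f].setdefault(r[f], len(tables[f]))
    return tables

def quantitative_row(rec):
    """date as a day number, time as seconds since midnight, length in bytes, delta in seconds."""
    t = timestamp(rec)
    secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
    return [float(t.toordinal()), secs, float(rec["length"]), rec["delta"]]

def minmax_scale(rows):
    """Scale every column to [0, 1]; a constant column becomes 0.0 (no divide by zero)."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[0.0 if hi[j] == lo[j] else (v - lo[j]) / (hi[j] - lo[j])
             for j, v in enumerate(row)] for row in rows]

def build_feature_vectors(records):
    """Return (vectors, tables): a one-hot qualitative block followed by the 4 scaled
    quantitative values, so both feature kinds contribute comparable Euclidean distances."""
    recs = fill_missing(add_delta_time(records))
    tables = one_hot_tables(recs)
    quant = minmax_scale([quantitative_row(r) for r in recs])
    vectors = []
    for r, q in zip(recs, quant):
        qual = []
        for f in QUALITATIVE:
            block = [0.0] * len(tables[f])
            block[tables[f][r[f]]] = 1.0
            qual.extend(block)
        vectors.append(qual + q)
    return vectors, tables

if __name__ == "__main__":
    vecs, tabs = build_feature_vectors(PACKETS)
    for v in vecs:
        print([round(x, 3) for x in v])
```

The one-hot block is what keeps a Euclidean SOM honest about qualitative fields: encoding an IP address or port as a single integer would make "neighbouring" values look similar when they are not. On a real capture the qualitative tables get large, which is one reason the slide's feature selection step matters.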

Experiments
• Data visualisation
  – 3D GHSOM
  – 2D GHSOM

Experiments
• plot of the input data hits
  – Layer-1
  – Layer-2

Experiments
• U-matrix
  – Layer-1
  – Layer-2

Experiments
• Component planes
  – Layer-1

Experiments
• Component planes
  – Layer-2

Experiments
• distribution of countries of origin

Conclusions
• The results show that the GHSOM can be used to cluster network traffic data and to represent it in a manner that can be of aid in network forensics. Therefore, this information can allow an expert in the field to successfully conclude a digital investigation.

Comments
• Advantages
  – The visualisation technique helps users view the data more intuitively and understandably.
• Applications
  – Network forensics