Skip to content Skip to navigation
University of Warwick
  • Study
  • |
  • Research
  • |
  • Business
  • |
  • Alumni
  • |
  • News
  • |
  • About

University of Warwick
Publications service & WRAP

Highlight your research

  • WRAP
    • Home
    • Search WRAP
    • Browse by Warwick Author
    • Browse WRAP by Year
    • Browse WRAP by Subject
    • Browse WRAP by Department
    • Browse WRAP by Funder
    • Browse Theses by Department
  • Publications Service
    • Home
    • Search Publications Service
    • Browse by Warwick Author
    • Browse Publications service by Year
    • Browse Publications service by Subject
    • Browse Publications service by Department
    • Browse Publications service by Funder
  • Help & Advice
University of Warwick

The Library

  • Login
  • Admin

Application of growing hierarchical SOM for visualisation of network forensics traffic data

Tools
- Tools
+ Tools

Palomo, E. J., North, J., Elizondo, D., Luque, R. M. and Watson, Tim (2012) Application of growing hierarchical SOM for visualisation of network forensics traffic data. Neural Networks, 32 . pp. 275-284. doi:10.1016/j.neunet.2012.02.021

Research output not available from this repository, contact author.
Official URL: http://dx.doi.org/10.1016/j.neunet.2012.02.021

Request Changes to record.

Abstract

Digital investigation methods are becoming more and more important due to the proliferation of digital crimes and crimes involving digital evidence. Network forensics is a research area that gathers evidence by collecting and analysing network traffic data logs. This analysis can be a difficult process, especially because of the high variability of these attacks and large amount of data. Therefore, software tools that can help with these digital investigations are in great demand. In this paper, a novel approach to analysing and visualising network traffic data based on growing hierarchical self-organising maps (GHSOM) is presented. The self-organising map (SOM) has been shown to be successful for the analysis of highly-dimensional input data in data mining applications as well as for data visualisation in a more intuitive and understandable manner. However, the SOM has some problems related to its static topology and its inability to represent hierarchical relationships in the input data. The GHSOM tries to overcome these limitations by generating a hierarchical architecture that is automatically determined according to the input data and reflects the inherent hierarchical relationships among them. Moreover, the proposed GHSOM has been modified to correctly treat the qualitative features that are present in the traffic data in addition to the quantitative features. Experimental results show that this approach can be very useful for a better understanding of network traffic data, making it easier to search for evidence of attacks or anomalous behaviour in a network environment.

Item Type: Journal Article
Divisions: Faculty of Science > WMG (Formerly the Warwick Manufacturing Group)
Journal or Publication Title: Neural Networks
Publisher: Pergamon
ISSN: 0893-6080
Official Date: 2012
Dates:
DateEvent
2012UNSPECIFIED
Volume: 32
Page Range: pp. 275-284
DOI: 10.1016/j.neunet.2012.02.021
Status: Peer Reviewed
Publication Status: Published
Access rights to Published version: Restricted or Subscription Access

Request changes or add full text files to a record

Repository staff actions (login required)

View Item View Item
twitter

Email us: wrap@warwick.ac.uk
Contact Details
About Us