Show simple item record

dc.contributor.authorPalomo, E. J.en
dc.contributor.authorNorth, J.en
dc.contributor.authorElizondo, Daviden
dc.contributor.authorLuque, R. M.en
dc.contributor.authorWatson, T.en
dc.date.accessioned2012-08-08T14:01:39Z
dc.date.available2012-08-08T14:01:39Z
dc.date.issued2012-08
dc.identifier.citationPalomo, E.J., North, J., Elizondo, D., Luque, R.M. and Watson T (2012) Application of growing hierarchical SOM for visualisation of network forensics traffic data. Neural Networks (Special Issue), 32, pp 275-284en
dc.identifier.issn0893-6080
dc.identifier.urihttp://hdl.handle.net/2086/6725
dc.description.abstractDigital investigation methods are becoming more and more important due to the proliferation of digital crimes and crimes involving digital evidence. Network forensics is a research area that gathers evidence by collecting and analysing network traffic data logs. This analysis can be a difficult process, especially because of the high variability of these attacks and large amount of data. Therefore, software tools that can help with these digital investigations are in great demand. In this paper, a novel approach to analysing and visualising network traffic data based on growing hierarchical self-organising maps (GHSOM) is presented. The self-organising map (SOM) has been shown to be successful for the analysis of highly dimensional input data in data mining applications as well as for data visualisation in a more intuitive and understandable manner. However, the SOM has some problems related to its static topology and its inability to represent hierarchical relationships in the input data. The GHSOM tries to overcome these limitations by generating a hierarchical architecture that is automatically determined according to the input data and reflects the inherent hierarchical relationships among them. Moreover, the proposed GHSOM has been modified to correctly treat the qualitative features that are present in the traffic data in addition to the quantitative features. Experimental results show that this approach can be very useful for a better understanding of network traffic data, making it easier to search for evidence of attacks or anomalous behaviour in a network environment.en
dc.language.isoenen
dc.publisherElsevieren
dc.subjectnetwork forensicsen
dc.subjecthierarchical self-organisationen
dc.subjectdata clusteringen
dc.subjectdata visualisationen
dc.subjectfeature extractionen
dc.titleApplication of growing hierarchical SOM for visualisation of network forensics traffic dataen
dc.typeArticleen
dc.identifier.doihttp://dx.doi.org/10.1016/j.neunet.2012.02.021
dc.researchgroupDIGITSen
dc.ref2014.selected1367395509_0110730109983_11_1
dc.researchinstituteInstitute of Artificial Intelligence (IAI)en


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record