User-Based Network Anomaly Detection Using Self-Organizing Maps

Catherine Edwards

Enterprise cybersecurity breaches are becoming more costly and more common as attackers develop sophisticated techniques to bypass rule-based network intrusion detection systems. Though intrusion patterns are constantly changing, we expect these breaches to produce anomalous network traffic that can be distinguished from benign user behavior on our networks. To address this challenge, we apply unsupervised learning using a Self-Organizing Map to detect anomalous user-based network activity.