A FEATURE SELECTION AGENT-BASED IDS



Similar documents
A cooperative connectionist IDS model to identify independent anomalous SNMP situations

Testing CAB-IDS through Mutations: on the Identification of Network Scans

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

Feature selection for intrusion detection. Slobodan Petrović NISlab, Gjøvik University College

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign

L10: Linear discriminants analysis

An Interest-Oriented Network Evolution Mechanism for Online Communities

A Hierarchical Anomaly Network Intrusion Detection System using Neural Network Classification

On-Line Fault Detection in Wind Turbine Transmission System using Adaptive Filter and Robust Statistical Features

A Secure Password-Authenticated Key Agreement Using Smart Cards

RequIn, a tool for fast web traffic inference

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network

Vision Mouse. Saurabh Sarkar a* University of Cincinnati, Cincinnati, USA ABSTRACT 1. INTRODUCTION

Network Security Situation Evaluation Method for Distributed Denial of Service

A Passive Network Measurement-based Traffic Control Algorithm in Gateway of. P2P Systems

Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection

Lecture 2: Single Layer Perceptrons Kevin Swingler

Statistical Approach for Offline Handwritten Signature Verification

THE APPLICATION OF DATA MINING TECHNIQUES AND MULTIPLE CLASSIFIERS TO MARKETING DECISION

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures

Forecasting the Direction and Strength of Stock Market Movement

A Parallel Architecture for Stateful Intrusion Detection in High Traffic Networks

Improved SVM in Cloud Computing Information Mining

Can Auto Liability Insurance Purchases Signal Risk Attitude?

Efficient Project Portfolio as a tool for Enterprise Risk Management

Negative Selection and Niching by an Artificial Immune System for Network Intrusion Detection

A Multi-Camera System on PC-Cluster for Real-time 3-D Tracking

Invoicing and Financial Forecasting of Time and Amount of Corresponding Cash Inflow

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS

IWFMS: An Internal Workflow Management System/Optimizer for Hadoop

Genetic Algorithm Based Optimization Model for Reliable Data Storage in Cloud Environment

CONSISTENT VEHICLES TRACKING BY USING A COOPERATIVE DISTRIBUTED VIDEO SURVEILLANCESYSTEM

Multi-sensor Data Fusion for Cyber Security Situation Awareness

An Approach for Detecting a Flooding Attack Based on Entropy Measurement of Multiple Protocols

Automated Network Performance Management and Monitoring via One-class Support Vector Machine

VRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT-09105, Phone: (370-5) , Fax: (370-5) , info@teltonika.

Fault tolerance in cloud technologies presented as a service

Application of Multi-Agents for Fault Detection and Reconfiguration of Power Distribution Systems

IMPACT ANALYSIS OF A CELLULAR PHONE

Data Mining from the Information Systems: Performance Indicators at Masaryk University in Brno

A Design Method of High-availability and Low-optical-loss Optical Aggregation Network Architecture

Adaptive Intrusion Detection based on Boosting and Naïve Bayesian Classifier

"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *

Research of Network System Reconfigurable Model Based on the Finite State Automation

Single and multiple stage classifiers implementing logistic discrimination

Performance Analysis and Coding Strategy of ECOC SVMs

Gender Classification for Real-Time Audience Analysis System

A Perfect QoS Routing Algorithm for Finding the Best Path for Dynamic Networks

Traffic State Estimation in the Traffic Management Center of Berlin

Mining Multiple Large Data Sources

What is Candidate Sampling

Scalable and Secure Architecture for Digital Content Distribution

INVESTIGATION OF VEHICULAR USERS FAIRNESS IN CDMA-HDR NETWORKS

A Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing

iavenue iavenue i i i iavenue iavenue iavenue

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT

HowHow to Find the Best Online Stock Broker

denote the location of a node, and suppose node X . This transmission causes a successful reception by node X for any other node

Classification of Network Traffic via Packet-Level Hidden Markov Models

PERFORMANCE COMPARISON OF INTRUSION DETECTION SYSTEM USING VARIOUS TECHNIQUES A REVIEW

How To Understand The Results Of The German Meris Cloud And Water Vapour Product

Offline Verification of Hand Written Signature using Adaptive Resonance Theory Net (Type-1)

A Crossplatform ECG Compression Library for Mobile HealthCare Services

Data security in Intelligent Transport Systems

Research Article QoS and Energy Aware Cooperative Routing Protocol for Wildfire Monitoring Wireless Sensor Networks

Figure 1. Time-based operation of AIDP.

Abstract. 1. Introduction

An artificial Neural Network approach to monitor and diagnose multi-attribute quality control processes. S. T. A. Niaki*

The OC Curve of Attribute Acceptance Plans

An Alternative Way to Measure Private Equity Performance

How To Classfy Onlne Mesh Network Traffc Classfcaton And Onlna Wreless Mesh Network Traffic Onlnge Network

A neuro-fuzzy collaborative filtering approach for Web recommendation. G. Castellano, A. M. Fanelli, and M. A. Torsello *

RELIABILITY, RISK AND AVAILABILITY ANLYSIS OF A CONTAINER GANTRY CRANE ABSTRACT

A Statistical Model for Detecting Abnormality in Static-Priority Scheduling Networks with Differentiated Services

MACHINE VISION SYSTEM FOR SPECULAR SURFACE INSPECTION: USE OF SIMULATION PROCESS AS A TOOL FOR DESIGN AND OPTIMIZATION

Optimal Choice of Random Variables in D-ITG Traffic Generating Tool using Evolutionary Algorithms

VEHICLE DETECTION BY USING REAR PARTS AND TRACKING SYSTEM

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Survey on Virtual Machine Placement Techniques in Cloud Computing Environment

= (2) T a,2 a,2. T a,3 a,3. T a,1 a,1

1. Introduction. Graham Kendall School of Computer Science and IT ASAP Research Group University of Nottingham Nottingham, NG8 1BB

Activity Scheduling for Cost-Time Investment Optimization in Project Management

Estimating the Development Effort of Web Projects in Chile

Study on Model of Risks Assessment of Standard Operation in Rural Power Network

Canon NTSC Help Desk Documentation

Some literature also use the term Process Control

An Intelligent Policy System for Channel Allocation of Information Appliance

Network traffic analysis optimization for signature-based intrusion detection systems

Ensuring Secure Info-Communication Networks Based on the Special Filtering Mode

Time Delayed Independent Component Analysis for Data Quality Monitoring

Using Supervised Clustering Technique to Classify Received Messages in 137 Call Center of Tehran City Council

A Dynamic Energy-Efficiency Mechanism for Data Center Networks

Daily Mood Assessment based on Mobile Phone Sensing

Data Visualization by Pairwise Distortion Minimization

Gaining Insights to the Tea Industry of Sri Lanka using Data Mining

MONITORING OF DISTILLATION COLUMN OPERATION THROUGH SELF -ORGANIZING MAPS. Y.S. Ng and R. Srinivasan*

A Novel Adaptive Load Balancing Routing Algorithm in Ad hoc Networks

Course outline. Financial Time Series Analysis. Overview. Data analysis. Predictive signal. Trading strategy

DBA-VM: Dynamic Bandwidth Allocator for Virtual Machines

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing

Transcription:

A FEATURE SELECTION AGENT-BASED IDS Emlo Corchado, Álvaro Herrero and José Manuel Sáz Department of Cvl Engneerng, Unversty of Burgos C/Francsco de Vtora s/n., 09006, Burgos, Span Phone: +34 947259395, emal: escorchado@ubu.es ABSTRACT: Ths paper ntroduces an Intruson Detecton System (IDS) based on the use of several Artfcal Intellgence (AI) technques. The anomalous detecton ssue s approached from a feature selecton pont of vew, where a connectonst model s appled as a data analyss technque n an IDS. By explotng the strengths of connectonst archtectures n recognton, classfcaton and generalzaton, ths work shows the benefts of applyng connectonst models and agent technology to the Intruson Detecton (ID) feld. Ths work s based on the fact that proectonst systems have never been appled to the IDS feld and network securty untl ths research proect. It helps network admnstrators to decde f anomalous stuatons are real ntrusons or not. To cover the more complex stuatons related to segment-dvded networks, we ntroduce a new approach based on a dstrbuted archtecture where dfferent software agents cooperate to detect anomalous SNMP (Smple Network Management Protocol) stuatons n a bg-sze network. KEYWORDS: connectonst models, unsupervsed learnng, ntruson detecton systems, mult-agent systems INTRODUCTION Computer securty actons are amed to prevent and detect unauthorzed use of computers or computer networks. IDS have become one of the most mportant securty tool. They are hardware or software systems that montor the events occurrng n a computer system or network, analysng them to dentfy securty problems. They have become a necessary addtonal tool to the securty nfrastructure as the number of network attacks has ncreased very fast durng the last years. IDS have been prevously bult by hand. AI technques can decrease the effort needed to buld IDS and can also mprove ther performance. Some technques are used to mplement IDS (such as state-transton dagrams, expert systems, petr nets, sgnature verfcaton, etc.). Among them, connectonst models have been dentfed as a very promsng method of addressng the ID problem due to two man features: they are sutable to detect day-0 attacks and they have the ablty to classfy patterns (attack classfcaton, alert valdaton, etc.). Up to now, there have been several attends to apply connectonst models [1] (such as Self-Organsng Maps [2], [3] or Elman Networks [4]) to the network securty feld. Ths paper presents an IDS based on a connectonst archtecture whch has never been appled to the ID problem before ths research. Ths archtecture s called Cooperatve Maxmum Lkelhood Hebban Learnng (CMLHL), and has been shown [5], [6], [7], [8] a very effectve one to perform the data analyss process (see Fgure 1). The actual demands of effectveness and complexty have caused the development of new computng paradgms. One of these new paradgms are agent and mult-agent systems. A software agent can be defned as a system wth capacty of adaptaton and provded wth mechansms allowng t to decde what to do (accordng to ther obectves) [9]. Ths knd of systems has been prevously used n the feld of IDS [10], [11]. PROBLEM OVERVIEW A protocol n a computer network context s a specfcaton that descrbes low-level detals of host-to-host nterfaces or hgh-level exchanges between applcaton programs. Among all the mplemented network protocols we have focused our effort n the study of SNMP because an attack based on ths protocol may severely compromse the system securty. SNMP was dentfed as one of the top fve most vulnerable servces (n order of mportance) by CISCO [12].

In the short-term, SNMP was orented to manage nodes n the Internet communty [13]. That s, t s used to control routers, brdges, and other network elements, readng and wrtng a wde varety of nformaton about the devces: operatng system, verson, routng tables, default TTL (Tme To Lve) and so on. Some of ths data can be extremely senstve. The IAB (Internet Actvtes Board) recommended that all IP (Internet Protocol) and TCP (Transmsson Control Protocol) mplementatons were network manageable [14]. The mplementaton of the Internet Management Informaton Base (MIB) and at least one of the management protocols lke SNMP s the consequence of ths suggeston. The MIB can be roughly defned as a database that contans nformaton about some elements or devces that can be network-controlled. Ths database s used by SNMP to store nformaton about the elements that t controls. There are some dangerous anomalous stuatons related to SNMP [8], such as port sweep and MIB nformaton transfer. SEGMENTED SNMP (AGENT APPROACH) An SNMP Agent s the operatonal role assumed by an SNMP party (generally a devce controlled by ths protocol) when t performs SNMP management operatons n response to receved SNMP messages [16]. An SNMP Proxy Agent s an SNMP Agent that performs management operatons by communcatng wth another logcally remote party. In the case of a segmented network, logcally remote means that each party s located n a dfferent network segment. The transparency prncple [16] defnes the behavor of an SNMP party and says that the manner n whch one SNMP party processes SNMP protocol messages receved from another SNMP party s entrely transparent to the latter. Implct n ths prncple s the requrement that, throughout ts nteracton wth a Proxy Agent, a management staton s suppled wth no nformaton about the nature or progress of the proxy mechansms by whch ts requests are realzed. That s, t should seem to the management staton as f t were nteractng va SNMP drectly wth the proxed devce. THE MULTI-AGENT IDS MODEL To upgrade the connectonst IDS model prevously developed [8], t s splt out nto dfferent software agents [9] workng together n order to detect the ntrusve actons defned above. Corporatve networks can be very bg-sze ones, where computers are set up nto dfferent network segments, manly caused by the IP address lmtatons. Here s where a dstrbuted IDS can take advantage. By usng ths knd of IDS (where a lstener entty capture the traffc travellng along each dfferent network segment), the model s able to dentfy all the anomales caused n a segment-dvded network. Otherwse, only the anomales caused n the segment where the IDS s located could be dentfed. All the dfferent SNMP anomalous stuatons can be produced n every dfferent segment (where SNMP Agents are set up). In order to detect all these stuatons we propose ths dstrbuted agent-based IDS. It s shown n Fgure 1 and conssts on two dfferent knds of agents: - Snffer Agent (): each segment (n whch the network s dvded) s controlled by an agent of ths knd. - IDS Agent (IDS-A): there s only one agent of ths knd, whch s n charge of processng the nformaton sent by Snffer Agents and alertng the network admnstrator. Ths structure allows the system to use the source and destnaton IP address n such a way that every Agent could know from whch network segment the packet s comng. Snffer Agents carry out two man functons: - Network Traffc Capture Functon: one of the network nterfaces of the host where the Snffer Agent s located s set up as promscuous mode. It captures all the packets travellng along ths network segment. - Data Pre-processng Functon: the captured data s selected, pre-processed and sent to the IDS Agent. The nformaton analysed by these Agents s obtaned from the packets that travel along the network. The necessary data for the traffc analyss s contaned on the captured packets headers. Ths data can be obtaned usng a network analyser. The study of SNMP s the reason why only packets based on UDP (User Datagram Protocol) are selected. Ths means that n terms of TCP/IP (Transmsson Control Protocol/Internet Protocol) protocol stack, the model captures only the packets usng UDP at transport layer and IP at network layer. So n addton to the SNMP packets, the data sets contan traffc related to other protocols nstalled n our network, lke NETBIOS and BOOTPS.

Durng the Data Pre-processng Functon (Fgure 1), a data selecton of all the nformaton captured s performed. So the varables used are: tmestamp, protocol ID, source port, destnaton port, source IP address, destnaton IP address and packet sze. Only the pre-processed data s sent to the IDS Agent. Network Segment 1 Network Traffc Capture Data Pre-processng Network Segment 2 IDS-A Data Analyss (CMLHL) Network Segment 3 Intellgent process IDS-A Snffer Agent IDS Agent Network Admnstrator Fgure 1: Structure of the Agent-Based IDS Once the pre-processed data s receved n the IDS Agent, a connectonst model (see Equatons 1 to 5) s appled to analyse the data and dentfy anomalous patterns. Wth ths dstrbuted structure, ths Agent s capable of dentfyng anomalous stuatons concernng to dfferent network segments. That s, an anomalous stuaton can affect SNMP Agents located n dfferent segments. The IDS Agent can be equpped wth dfferent mechansms to abort an attack. That s, after dentfyng an anomalous stuaton, t can carry out concrete actons to abort the attack (such as deactvatng SNMP). Fnally, the network admnstrator s alerted about the anomalous stuatons that are happenng (or had happened) along all the segments n whch the network s dvded. THE UNSUPERVISED CONNECTIONIST IDS MODEL Exploratory Proecton Pursut (EPP) [17], [18], [19], [20] s a statstcal method for solvng the complex problem of dentfyng structure n hgh dmensonal data. It s based on the proecton of the data onto a lower dmensonal subspace n whch ts structure s searched by eye. It s necessary to defne an ndex to measure the varyng degrees of nterest generated by each proecton. Subsequently, the data s transformed by maxmzng the ndex and the assocated nterest. From a statstcal pont of vew the most nterestng drectons are those that are as non-gaussan as possble.

The Data Analyss step performed by the IDS Agent (Fgure 1) s based on the use of a neural EPP model called Cooperatve Maxmum Lkelhood Hebban Learnng (CMLHL) [21], [22], [23]. It was ntally appled to the feld of Artfcal Vson [21], [22] to dentfy local flters n space and tme. Here, we have appled t to the feld of Computer Securty. It s based on Maxmum Lkelhood Hebban Learnng (MLHL) [19], [20] addng lateral connectons [21], [22], whch have been derved from the Rectfed Gaussan Dstrbuton [24]. The resultant net can fnd the ndependent factors of a data set but do so n a way that captures some type of global orderng n the data set. Consder an N-dmensonal nput vector, x, and an M-dmensonal output vector, y, wth lnkng nput to output and let η be the learnng rate. CMLHL can be expressed as: W beng the weght N y = W x, = 1 (1) Lateral connectons are appled: y ( t + ) = [ y (t) + τ( b Ay) ] + 1 A s a symmetrc matrx used to modfy the response to the data whose effect s based on the relaton between the dstances among the output neurons. It s based on the Cooperatve Dstrbuton [24], but to speed learnng up, t can be smplfed to [25]: ( 2 ( ) M ) A(, ) = δ cos π / (3) (2) The actvaton ( e ) s fed back through the same weghts and subtracted from the nput: Weght update: e = x M = 1 W y, p 1 ( e ) e ΔW = η. y. sgn (5) (4) Where: η s the learnng rate, τ s the strength of the lateral connectons, b s the bas parameter and p s a parameter related to the energy functon [19], [20], and δ s the Kronecker delta. COMPARISON WITH OTHER TECHNIQUES The proecton method called MLHL, and others based on t (such as CMLHL), can show the evoluton through the tme of the system response. In the IDS feld, the tme varable (or temporal relatonshp between packets) s very mportant because t s decsve n the detecton of some knds of attacks. A hgh concentraton n tme can mply an anomalous stuaton by tself. A typcal example of ths can be a MIB nformaton transfer, where a hgh temporal concentraton means a transference of great quantty of nformaton. It s a transfer of some nformaton contaned n the SNMP MIB, and s consdered a qute dangerous stuaton because a hacker can come up wth all sorts of nterestng and sometmes useful nformaton. Ths varable from the dataset does not provde as much nformaton when other unsupervsed connectonst models are appled. That s the case of Self-Organsng Maps (SOM) [26]. Several authors have appled ths model [2], [3] n the data-analyss process wthout takng nto account the tme dmenson of the data set. On the other hand, most of the sgnature-verfcaton models do not take nto account ths tme dmenson. They work at a packet level, so they cannot use the tme ssues of the dataset as a whole. It mples that these models do not take nto account the tme concentraton of anomalous or rsky packets, as t s done by the model proposed n ths paper. Fnally, the model ntroduced n ths work uses ths mportant varable, allowng a dynamc analyss and a better study of the nformaton, as can be seen n Fgure 2.

Group 1 tme evoluton Group 2 b) a) Fgure 2: a) Data proecton dsplayed by the connectonst model for a MIB nformaton transfer. b) Vsualzaton of an example of a hgh temporal concentraton of packets. In Fgure 2.a t s easy to dentfy several packet groups. Groups 1 and 2 are related to a MIB nformaton transfer: they contan packets sent and receved durng the transfer embedded n the data set. Group 1 contans all the traffc n one way (from destnaton to source), whle Group 2 contans all the traffc n the other way (from source to destnaton). These groups have been labelled as anomalous ones due to two combned ssues: hgh temporal concentraton of packets, and because they are made up of dfferent sze packets, stuaton whch s related to the MIB nformaton transfer. Fgure 2.b shows a very hgh temporal concentraton of packets, whch caused the dentfcaton of Groups 1 and 2 as anomalous ones. CONCLUSIONS We propose an Agent-Based IDS model made up of two dfferent knds of agents: Snffer Agents and IDS Agent. Ths model allows us to dentfy the attacks happenng n each segment and the most general ones (those mplyng more than only one network segment). Automatc mechansms can developed and run to abort an attack. To handle and classfy all the pre-processed nformaton related wth the whole network, the IDS Agent should have a very bg calculus power. The IDS Agent can be located n the most powerful machne n the organzaton. It does not matter what network segment ths machne s located n. ACKNOWLEDGMENTS Ths research has been supported by the McyT proects: TIN2004-07033. REFERENCES [1] Debar, H;, Becker, M.; Sbon, D., 1992, A Neural Network Component for an Intruson Detecton System, IEEE Symposum on Research n Computer Securty and Prvacy. [2] Hätönen, K.; Höglund, A.; Sorvar, A., 2000, A Computer Host-Based User Anomaly Detecton System Usng the Self-Organzng Map, Internatonal Jont Conference of Neural Networks. [3] Zanero S.; Savares S.M., 2004, Unsupervsed Learnng Technques for an Intruson Detecton System, ACM Symposum on Appled Computng, pp. 412 419.

[4] Ghosh, A.; Schwartzbard A.; Schatz A., 1999, Learnng Program Behavor Profles for Intruson Detecton, Workshop on Intruson Detecton and Network Montorng. [5] Corchado, E.; Herrero, A.; Baruque, B.; Sáz J.M., 2005, Intruson Detecton System Based on a Cooperatve Topology Preservng Method, Internatonal Conference on Adaptve and Natural Computng Algorthms, Sprnger Computer Scence, pp. 329 335. [6] Herrero, A.; Corchado, E.; Sáz, J.M., 2005, Identfcaton of Anomalous SNMP Stuatons Usng a Cooperatve Connectonst Exploratory Proecton Pursut Model, Internatonal Conference on Intellgent Data Engneerng and Automated Learnng, Sprnger-Verlag, Lecture Notes n Computer Scence, vol. 3578, pp. 187 194. [7] Herrero, A.; Corchado, E.; Sáz, J.M., 2005, A Cooperatve Unsupervsed Connectonst Model Appled to Identfy Anomalous Massve SNMP Data Sendng, Internatonal Conference on Natural Computaton, Sprnger- Verlag, Lecture Notes n Computer Scence vol. 3610, pp. 778 782. [8] Corchado, E.; Herrero, A.; Sáz J.M., 2005, Detectng Compounded Anomalous SNMP Stuatons Usng Unsupervsed Pattern Recognton, Internatonal Conference on Artfcal Neural Networks (ICANN 05), Sprnger-Verlag, Lecture Notes n Computer Scence, vol. 3697. ( In press ) [9] Wooldrdge, M., 1999, Multagent Systems: A Modern Approach to Dstrbuted Artfcal Intelgence, Gerhard Wess. [10] Spafford, E.H.; Zambon, D., 2000, Intruson Detecton Usng Autonomous Agents, Computer Networks: The Internatonal Journal of Computer and Telecommuncatons Networkng, vol. 34(4), pp. 547 570. [11] Hegazy, I.M.; Al-Arf, T.; Fayed, Z.T.; Faheem, H.M., 2003, A Framework for Multagent-based System for Intruson Detecton, Intellgent Systems Desgn and Applcatons, Sprnger-Verlag, Adv. n Soft Computng Sere. [12] Csco Secure Consultng, 2000, Vulnerablty Statstcs Report. [13] Case, J.; Fedor, M.S.; Schoffstall, M.L.; Davn, C., 1990, Smple Network Management (SNMP), RFC-1157. [14] Postel, J., 1989, IAB Offcal Protocol Standards, RFC-1100. [15] Myerson, J.M., 2002, Identfyng Enterprse Network Vulnerabltes, Internatonal Journal of Network Management, vol. 12. [16] Davn, J.; Galvn, J.; McCloghre, K., 1992, SNMP Admnstratve Model, RFC-1351. [17] Fredman J.; Tukey. J., 1974, A Proecton Pursut Algorthm for Exploratory Data Analyss, IEEE Transacton on Computers, vol. 23, pp. 881 890. [18] Hyvärnen, A., 2001, Complexty Pursut: Separatng Interestng Components from Tme Seres, Neural Computaton, vol. 13, pp. 883 898. [19] Corchado, E.; MacDonald, D.; Fyfe, C., 2004, Maxmum and Mnmum Lkelhood Hebban Learnng for Exploratory Proecton Pursut, Data Mnng and Knowledge Dscovery, vol. 8(3), Kluwer Academc Publshng, pp. 203 225. [20] Fyfe, C.; Corchado, E., 2002, Maxmum Lkelhood Hebban Rules, European Symposum on Artfcal Neural Networks. [21] Corchado, E.; Han, Y.; Fyfe, C., 2003, Structurng Global Responses of Local Flters Usng Lateral Connectons, Journal of Expermental and Theoretcal Artfcal Intellgence, vol. 15(4), pp. 473 487. [22] Corchado, E.; Fyfe, C., 2003, Connectonst Technques for the Identfcaton and Suppresson of Interferng Underlyng Factors, Internatonal Journal of Pattern Recognton and Artfcal Intellgence, vol. 17(8), pp. 1447 1466. [23] Corchado, E.; Corchado, J.M.; Sáz, L.; Lara, A., 2004, Constructng a Global and Integral Model of Busness Management Usng a CBR System Frst Internatonal Conference on Cooperatve Desgn, Vsualzaton and Engneerng. [24] Seung, H.S.; Socc, N.D.; Lee, D., 1998, The Rectfed Gaussan Dstrbuton Advances n Neural Informaton Processng Systems, vol. 10, pp. 350-356. [25] Charles, D., 1999, Unsupervsed Artfcal Neural Networks for the Identfcaton of Multple Causes n Data, Ph.D. Thess, Unversty of Pasley. [26] T. Kohonen, 2000, Self-Organzng Maps, Sprnger, 3 rd edton, ISBN: 3-540-67921-9.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information