Anomaly-based intrusion detector system using restricted growing self organizing map

Abstract

The rapid development of internet and network technology followed by malicious threats and attacks on networks and computers. Intrusion detection system (IDS) was developed to solve that problems. The development of IDS using machine learning is needed for classifying the attacks. One method of the classification is Self-Organizing Map (SOM). SOM able to perform classification and visualization in learning process to gain new knowledge. However, the SOM has less efficient in learning process when applied in Big Data. This study proposes Restricted Growing SOM method with clustering reference vector (RGSOM-CRV) and Parallel RGSOM-CRV to improve SOM efficiency in classification with accuracy consideration to solve Big Data problem. Growing process in RGSOM is restricted by maximum nodes and growing threshold, the reupdate weight process will update unused reference vector when map size already maximum, these two processes solve the consuming time of regular GSOM. From the results of this research against KDD Cup 1999 dataset, proposed method Parallel RGSOM-CRV able to give 91.86% accuracy, 20.58% false alarm rate, 95.32% recall or detection rate, and precision is 94.35% and time consuming is outperform than regular Growing SOM. This proposed method is very promising to handle big data problems compared with other methods.