High resolution SOM approach to improving anomaly detection in intrusion detection systems
Machine learning in general and artificial neural networks in particular are commonly used to address the problem of detecting anomalies in intrusion detection systems. Self-Organizing Maps (SOMs) have been shown to be a promising tool for this purpose, but the limitation of the cardinality of their display space has resulted in SOMs being a black box method and impeded the design of a simpler network architecture. High resolution SOMs are a very recent development that can overcome these problems. This paper explores how high resolution SOMs can help with anomaly detection in intrusion detection systems. Experiments on a large and well established benchmark problem show that high resolution SOMs improve results while allowing a simple network architecture. It is also shown that high resolution SOMs allow the development of better understanding of the results and the problem domain.