Research Of Self-Organizing Map Neural Network Based Intrusion Detection

With rapid development of computer network technology, the information industry and its applications have made tremendous progress. There is increasing dependence on network for individual users and enterprise units, such as governments, financial institutions, telecom industry, etc. On the other hand, this development brings potential troubles for information security. The attacking tools of network "hackers" are more and more advanced, and information security has become increasingly acute. The use of anti-attack firewall technology has not been able to resist malicious intrusion. So, one solution to the issues of information security is to research on intrusion detection technology.At present, network security technology mainly includes encryption technology, identity verification technology, access control technology and firewall technology, etc. Unfortunately, there are more limitation and insufficiency. The development of intrusion detection technology can make up some deficiencies in a way. For example, intrusion detection system is initiative.It can identify the malicious use of computer and network resources, and then provide important information to confront intrusion. It can not only check the external intrusion, but monitor the unauthorized action by the internal users.First of all, this paper provides an overview of the current information security and network intrusion detection technology. Then, aiming at the current popular attack methods and the high positive and negative rate of the intrusion detection system, it proposes an intrusion detection model on the basis of SOM (self organizing maps) algorithms, and uses KDDCUP'99 dataset as the source data for feature extraction, the encoded numerical data features as input neurons for SOM training. Finally, this paper improves the shortcomings of SOM in its adjustment of the vector value with grey coefficient, which speeds up the convergence speed of the vector adjustment. Comparing the results between SOM and Grey SOM while detecting DOS attacks, it shows that grey SOM not only be able to accelerate the training and testing process, but also can improve the detection rate of intrusion detection system effectively.