Network Intrusion Detection and Attack Analysis Based on SOFM with Fast Nearest-Neighbor Search

Owing to computer attacks becoming more complex, more and more machine learning algorithms are increasingly proposed to solve the problems of intrusion detection. But these algorithms have wide gap when applied in network intrusion detection systems(NIDS), especially in high-speed networking environments. In this paper, An NIDS based on self-organizing feature map (SOFM) is proposed. And to achieve more efficiency and usability, the vector elimination nearest-neighbor search (VENNS) algorithm is implemented for the NIDS, where the final aim is to reduce the system computational cost of training and detection. Using the DARPA Intrusion Detection Evaluation Data Set, the performance evaluation and comparison analysis are implemented. It is shown that network attacks are detected with the higher detection rates and relatively the lower false positive rates. The performance and efficiency of NIDS are improved greatly: the training time cost the detection time cost can be shortened about by four times and seven times respectively.