As an artificial neural network method, self-organizing mapping facilities efficient complete and visualize high-dimensional data topology representation, valid in a number of applications such as network intrusion detection. However, there remains a challenge to accurately depict the topology of network traffic data with unbalanced distribution, which deteriorates the performance of e.g. DoS attack detection. Hence, we propose a new model of the ''statistic-enhanced directed batch growth self-organizing mapping'', renew the definition of the growth threshold used to evaluate/control neuron expansion, and first introduce the inner distribution factor for fine-grained data distinguishing. The numerical experiments based on two datasets, KDD99, and CICIDS2017, demonstrate that the key performance in DoS attack detection including the detection rate, the false positive rate, and the training time are greatly enhanced thanks to the statistic concepts consulted in the proposed model. INDEX TERMS DoS attack detection, statistic-enhanced directed batch growing self-organizing mapping, growth threshold, inner distribution factor.
A new evaluation mechanism was proposed to enhance the representation of data topology in the directed batch growth hierarchical self-organizing mapping. In the proposed mechanism, the growth threshold and the correlation worked in a case-sensitive manner through the statistic calculation of the input data. Since the proposed model enabled a more thorough representation of data topology from both the horizontal and the vertical directions, it naturally held great potential in detecting various traffic attacks. Numerical experiments of network intrusion detection were carried out on the datasets of KDD99, Moore and CICIDS2017, where the good performance validated the superiority of the proposed method.INDEX TERMS Network intrusion detection, growth hierarchical self-organizing mapping, statistical enhancement, growth threshold, correlation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.