Abstract
-
Machine learning in general and artificial neural networks in particular are commonly used to address the problem of detecting anomalies in intrusion detection systems. Self-Organizing Maps (SOMs) have been shown to be a promising tool for this purpose, but the limitation of the cardinality of their display space has resulted in SOMs being a black box method and impeded the design of a simpler network architecture. High resolution SOMs are a very recent development that can overcome these problems. This paper explores how high resolution SOMs can help with anomaly detection in intrusion detection systems. Experiments on a large and well established benchmark problem show that high resolution SOMs improve results while allowing a simple network architecture. It is also shown that high resolution SOMs allow the development of better understanding of the results and the problem domain.