Cascaded hybrid intrusion detection model based on SOM and RBF neural networks

Summary Cybercriminal activities over computer network systems are considered one of the preponderant issues that humanity will face in the coming two decades. The development steps in the design of intrusion detection systems must be carried out in analogous manner to sophistication levels of intrusions developed by hackers. This work proposes a layered hybrid intrusion detection model uses cascaded layers of Clustered Self‐Organized Map (CSOM) and Radial Basis Function (RBF) neural networks to improve the efficiency of detecting frequent and least frequent intrusions. K‐means clustered SOM was used to filter attacks as a first layer, whereas RBF‐based neural network worked as second filtering and attacked classification layer leading to significance reduction in time required to process connection records and notable improvements in the performance of intrusion detection. A new balanced version of cleansed NSL‐KDD dataset was used to validate and evaluate the proposed model. Compared with other existing schemes; the proposed model shows high detection performance in terms of accuracy 97.73% and false positive rate as low as 0.023%. In particular, for detecting least and most harmful attacks, U2R and R2L, the system achieved detection rate of 88.6% with false positive rate of 0.016. Comparative results showed that CSOM‐RBF model is more suitable for real‐life implementation than other many existing state‐of‐the‐art intrusion detection models.