Dynamic Network Anomaly Intrusion Detection Using Modified SOM

Detection of unexpected and emerging new threats has become a necessity for secured internet\udcommunication with absolute data confidentiality, integrity and availability. Design and\uddevelopment of such a detection system shall not only be new, accurate and fast but also\udeffective in a dynamic environment encompassing the surrounding network. In this paper, an\udalgorithm is proposed for anomaly detection through modifying the Self – Organizing Map\ud(SOM), by including new neighbourhood updating rules and learning rate dynamically in order\udto overcome the fixed architecture and random weight vector assignment. The algorithm\udinitially starts with null network and grows with the original data space as initial weight\udvectors. New nodes are created using distance threshold parameter and their neighbourhood is\udidentified using connection strength. Employing learning rule, the weight vector updation is\udcarried out for neighbourhood nodes. Performance of the new algorithm is evaluated for using\udstandard bench mark dataset. The result is compared with other neural network methods, shows\ud98% detection rate and 2% false alarm rate. \u