102 DK-Map: A Minimalistic Approach to Network Intrusion Detection
A simple technique called DK-Map for network intrusion detection is presented. DK-Map provides a computationally efficient means of constructing self-organizing maps by dynamically generating neurons as dictated by the inherent order of relation in the training set, so the network size is determined dynamically. Computational efficiency is one significant advantage of the technique. Earlier work by the first author proves that high-order nonlinear classifier models, built from neural networks that use multivariate Gaussian functions and hierarchical Kohonen maps, yield excellent results in detection and false positive rates. A major motivation for this work is to measure the effectiveness of DK-Map for intrusion detection compared with those techniques. Training and testing are conducted on pre-processed network dump data and the benchmark KDD 1999 dataset. With DK-Map we obtained detection rates between 89% and 96.27% at false positive rates between 0.28% and 2.32% for network dump data with 37 and 50 neurons respectively.