Research Area:  Machine Learning
This paper describes a focused literature survey of self-organizing maps (SOM) in support of intrusion detection. Specifically, the SOM architecture can be divided into two categories, i.e., static-layered architectures and dynamic-layered architectures. The former one, Hierarchical Self-Organizing Maps (HSOM), can effectively reduce the computational overheads and efficiently represent the hierarchy of data. The latter one, Growing Hierarchical Self-Organizing Maps (GHSOM), is quite effective for online intrusion detection with low computing latency, dynamic self-adaptability, and self-learning. The ultimate goal of SOM architecture is to accurately represent the topological relationship of data to identify any anomalous attack. The overall goal of this survey is to comprehensively compare the primitive components and properties of SOM-based intrusion detection. By comparing with the two SOM-based intrusion detection systems, we can clearly understand the existing challenges of SOM-based intrusion detection systems and indicate the future research directions.
Author(s) Name:  Xiaofei Qu, Lin Yang, Kai Guo, Linru Ma, Meng Sun, Mingxing Ke & Mu Li
Journal name:  Mobile Networks and Applications
Publisher name:  Springer
Volume Information:  volume 26, pages 808–829
Paper Link:   https://link.springer.com/article/10.1007/s11036-019-01353-0