Self-organizing maps have not been practical for attack analysis in intrusion detection because of the computational processing time required for large volumes of data. Although previous research has addressed this problem through optimizing the algorithms used for self-organizing maps and through feature reduction, no existing solution addresses computational performance adequately enough to make self-organizing maps practical for analysis of intrusion detection data. This research demonstrates a method of preprocessing that includes discretization, deduplication, binary filtering for imbalanced datasets, and feature extraction to improve the performance and optimize the quality of clustering in self-organizing maps.
Available at: http://works.bepress.com/james-cannady/41/