Kruti Choksi et al. Int. Journal of Engineering Research and Applications, www.ijera.com, ISSN: 2248-9622, Vol. 4, Issue 12 (Part 4), December 2014, pp. 11-16

Intrusion Detection System using Self Organizing Map: A Survey

Kruti Choksi*, Prof. Bhavin Shah**, Asst. Prof. Ompriya Kale***
*(Department of Computer Engineering, L.J. Institute of Engineering & Technology, Ahmedabad, India.)
**(M.C.A. Programme, L.J. Institute of Management Studies, Ahmedabad, India.)
***(Department of Computer Engineering, L.J. Institute of Engineering & Technology, Ahmedabad, India.)

ABSTRACT
Because computers are used in every field, network security is a major concern today. Every year the number of users and the speed of networks increase, and online fraud and security threats increase along with them. Every day a new attack is created to harm systems or networks. It is necessary to protect systems and networks from various threats by using an Intrusion Detection System (IDS), which can detect “known” as well as “unknown” attacks and generate alerts if there is any unusual behavior in the traffic. There are various approaches to IDS, but this survey focuses on IDS using the Self Organizing Map (SOM). SOM is an unsupervised, fast-converging, automatic clustering algorithm that is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that existing SOM-based IDS have a poor detection rate for U2R and R2L attacks. To improve it, a proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advanced models of SOM, each with its own unique features for better IDS performance. GHSOM is efficient due to its low computation time. This survey is beneficial for designing and developing efficient SOM-based IDS with less computation time and a better detection rate.
Keywords - Artificial Intelligence (AI), Growing Hierarchical Self Organizing Map (GHSOM), Hierarchical Self Organizing Map (HSOM), Intrusion Detection System (IDS), Network Security, Neural Networks (NN), Self Organizing Map (SOM).

I. INTRODUCTION
Today, in the Internet era, the Internet has become a routine part of our lives. Various personal and professional activities are carried out over the Internet, such as online shopping, email, e-commerce, e-learning, e-governance and others. Important transactions and communications take place over the Internet and are attacked in order to learn secret information. For these reasons, network security is a main concern today. Also, according to the Symantec Internet Security Threat Report 2014 [20], 2013 was the Year of Mega Breaches. Symantec's survey found eight major breaches in 2013, each exposing more than 10 million individual identities, which proved dangerous for many organizations and government bodies, as sensitive data were stolen by the attackers.

An intrusion or attack can be defined as “any set of actions that attempt to compromise the security objectives” [1]. Anderson, James P. introduced the first concept of an Intrusion Detection System (IDS) in 1980. In 1984 Fred Cohen mentioned that the percentage of detecting an attack will increase as the traffic increases. Dorothy E. Denning introduced a model of IDS in 1986, which became the basic model for current IDS models [3]. Recently, various approaches have been adopted to build IDS using the different techniques mentioned in [2], such as statistical models, data mining based models, signature analysis, rule based systems, genetic algorithms, state transition based systems, expert based systems and Petri nets. Nowadays, the new approach to IDS is neural networks, which are able to detect anomaly based intrusions, while previous techniques were able to detect anomalies but with a high false alarm rate.
In neural networks, one of the approaches is the Self-Organizing Map (SOM), which is a proven technique for automated clustering, visual organization and anomaly detection in IDS [1].

Sections II and III introduce the Intrusion Detection System (IDS) and the Self Organizing Map (SOM) respectively. In Section IV various network attacks are discussed. Section V covers the literature review and a comparison of various approaches to IDS using SOM and its models. Section VI consists of the comparison analysis, and finally Section VII provides the conclusion of the survey conducted.

RESEARCH ARTICLE OPEN ACCESS