This work addresses the inefficiency of traditional hierarchical self-organizing maps (HSOMs) in training on large-scale cybersecurity datasets, which hinders their applicability to real-time intrusion detection. The paper proposes the first parallel HSOM architecture (parHSOM), leveraging parallel computing to substantially accelerate the training process while preserving detection performance. Experimental results across various grid configurations and widely used cybersecurity benchmarks demonstrate that parHSOM significantly reduces training time compared to its serial counterpart, without introducing notable degradation in detection accuracy. This advancement offers a practical pathway toward interpretable, AI-driven intrusion detection systems capable of operating efficiently at scale.

The digital age has completely transformed the way that information is processed and stored, which makes cybersecurity a crucial field of research. Cybersecurity contains many different domains, but this work focuses on Intrusion Detection Systems (IDSs). Within the literature, Hierarchical Self-Organizing Maps (HSOMs) have been used to create trustworthy, explainable, and AI-based IDSs. However, HSOMs are trained sequentially, which means that training HSOMs on large datasets is slow. This work presents a novel parallel HSOM architecture, called parHSOM. The purpose of this research is to investigate the effect that parallel computation has on the HSOM training time. parHSOM is tested on two different testbeds, four different output grid sizes, and five different cybersecurity datasets. Performance metrics collected from these experiments show that parHSOM consistently trains faster than the Sequential HSOM algorithm without any significant loss in performance. Additionally, this work provides a platform for further investigation into parallel HSOM implementations.