Intelligent alert clustering model for network intrusion analysis
Main Authors: Md. Siraj, Maheyzah; Maarof, Mohd. Aizaini; Mohd. Hashim, Siti Zaiton
Format: Article (peer reviewed)
Published: IEEE Xplore, 2009
Subjects: QA75 Electronic computers. Computer science; QA76 Computer software
Online Access: http://eprints.utm.my/id/eprint/11834/ ; http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05283194
Institution: Universiti Teknologi Malaysia (UTM Institutional Repository)
Record ID: my.utm.11834

Abstract:
As security threats advance in a drastic way, most organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even in a single day and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and an unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested it against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results on the DARPA 2000 dataset show that the proposed model gives better results in terms of clustering accuracy and processing time.
Citation: Md. Siraj, Maheyzah; Maarof, Mohd. Aizaini; Mohd. Hashim, Siti Zaiton (2009). Intelligent alert clustering model for network intrusion analysis. Journal in Advances Soft Computing and Its Applications (IJSCA), 1 (1), pp. 33-48. ISSN 2074-8523. http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05283194