Filtering intrusion detection alarms

Cited by: 12
Authors
Mansour, Nashat [1 ]
Chehab, Maya I. [1 ]
Faour, Ahmad [2 ]
Affiliations
[1] Lebanese Amer Univ, Dept Comp Sci & Math, Beirut, Lebanon
[2] Lebanese Univ, Beirut, Lebanon
Source
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS | 2010 / Vol. 13 / No. 1
Keywords
Alarm filtering; Computer security; Growing hierarchical self-organizing map; Intrusion detection; Self-organizing map
DOI
10.1007/s10586-009-0096-9
Chinese Library Classification
TP [Automation and computer technology]
Discipline code
0812
Abstract
A Network Intrusion Detection System (NIDS) is an alarm system for networks. A NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators in analyzing and reducing the false positive alarms produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is effective for real-world intrusion data.
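The abstract describes the idea but not the mechanics, so the following is an added example (not the authors' code, and a single fixed-size self-organizing map rather than the growing hierarchical map the paper uses). It trains a 2x2 SOM on a constructed set of NIDS alarms, maps each alarm to its best-matching unit, and reports per-unit cluster size and mean quantization error (MQE): a large, tight unit is a candidate false-positive group an administrator can review as one item, and a unit whose MQE stays high relative to the layer-0 MQE is the kind of unit GHSOM would expand into a child map. The alarm records, the feature encoding, the thresholds and the simplified growth rule are all assumptions made for the example.

```python
"""Clustering NIDS alarms with a small self-organizing map (SOM).

Added illustration, not the authors' GHSOM implementation: one fixed-size
SOM, with the GHSOM growth criterion only computed and reported, never
applied.  Alarm records, feature encoding and thresholds are assumptions.
"""
import math
import random
from collections import defaultdict

# Constructed alarm records: (signature, source is internal?, dest port, hour).
# Twenty near-identical SNMP alarms from an internal poller at night, five
# identical web-scanner alarms, two rare shellcode alarms.
ALARMS = (
    [("SNMP public community request", True, 161, 1 + h % 3) for h in range(20)]
    + [("WEB-MISC /etc/passwd access", False, 80, 2)] * 5
    + [("SHELLCODE x86 NOOP", False, 445, 3)] * 2
)
SIGNATURES = sorted({a[0] for a in ALARMS})


def encode(alarm):
    """Map one alarm record to a feature vector with every component in [0, 1]."""
    sig, internal, dport, hour = alarm
    return (
        SIGNATURES.index(sig) / max(1, len(SIGNATURES) - 1),
        1.0 if internal else 0.0,
        dport / 65535,
        hour / 23,
    )


def distance(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def bmu(weights, x):
    """Best-matching unit: nearest codebook vector, ties broken by grid position."""
    return min(weights, key=lambda u: (distance(weights[u], x), u))


def train_som(vectors, rows=2, cols=2, epochs=60, seed=7):
    """Online SOM training with decaying learning rate and neighbourhood radius."""
    rng = random.Random(seed)
    dim = len(vectors[0])
    units = [(r, c) for r in range(rows) for c in range(cols)]
    weights = {u: [rng.random() for _ in range(dim)] for u in units}
    order = list(range(len(vectors)))
    for epoch in range(epochs):
        frac = epoch / max(1, epochs - 1)
        lr = 0.5 * (1 - frac) + 0.02 * frac        # learning rate 0.5 -> 0.02
        sigma = 1.0 * (1 - frac) + 0.2 * frac      # neighbourhood radius 1.0 -> 0.2
        rng.shuffle(order)
        for i in order:
            x = vectors[i]
            b = bmu(weights, x)
            for u, w in weights.items():
                grid_d2 = (u[0] - b[0]) ** 2 + (u[1] - b[1]) ** 2
                h = math.exp(-grid_d2 / (2 * sigma * sigma))
                for k in range(dim):
                    w[k] += lr * h * (x[k] - w[k])
    return weights


def assign(weights, vectors):
    """Group alarm indices by the unit that wins them."""
    clusters = defaultdict(list)
    for i, x in enumerate(vectors):
        clusters[bmu(weights, x)].append(i)
    return dict(clusters)


def mean_vector(vectors):
    dim = len(vectors[0])
    return [sum(x[k] for x in vectors) / len(vectors) for k in range(dim)]


def mean_quantization_error(weight, member_vectors):
    """Mean distance of a unit's members from its codebook vector (0 if empty)."""
    if not member_vectors:
        return 0.0
    return sum(distance(weight, x) for x in member_vectors) / len(member_vectors)


def summarize(weights, vectors, clusters):
    """unit -> (cluster size, MQE)."""
    return {u: (len(idx), mean_quantization_error(weights[u], [vectors[i] for i in idx]))
            for u, idx in clusters.items()}


def candidate_false_positives(summary, min_size, max_mqe):
    """Large, tight units: many near-identical alarms, reviewable as one item."""
    return sorted(u for u, (n, mqe) in summary.items() if n >= min_size and mqe <= max_mqe)


def units_to_expand(summary, parent_mqe, tau1):
    """Simplified GHSOM growth rule: a unit whose MQE exceeds tau1 times the
    parent's MQE would be expanded into its own child map (assumed form)."""
    return sorted(u for u, (n, mqe) in summary.items() if mqe > tau1 * parent_mqe)


def run(seed=7):
    vectors = [encode(a) for a in ALARMS]
    weights = train_som(vectors, seed=seed)
    clusters = assign(weights, vectors)
    summary = summarize(weights, vectors, clusters)
    parent_mqe = mean_quantization_error(mean_vector(vectors), vectors)  # layer-0 MQE
    return weights, clusters, summary, parent_mqe


if __name__ == "__main__":
    weights, clusters, summary, parent = run()
    print(f"layer-0 MQE (all alarms vs. their mean): {parent:.3f}")
    for unit, (n, mqe) in sorted(summary.items()):
        sigs = sorted({ALARMS[i][0] for i in clusters[unit]})
        print(f"unit {unit}: {n:2d} alarms, MQE {mqe:.3f}, signatures {sigs}")
    print("candidate false-positive groups:", candidate_false_positives(summary, 5, 0.05))
    print("units GHSOM would expand (tau1=0.5):", units_to_expand(summary, parent, 0.5))
```

The thresholds (cluster size 5, MQE 0.05, tau1 0.5) are illustrative; in practice they are tuned against a labelled sample of alarms, and a candidate group is still reviewed by a human before its alarms are suppressed.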
Pages: 19-29 (11 pages)