| |
| |
|
|
|
|
| Using Learning Vector Quantization in IDS Alert Management System
|
|
Full
text: |
 PDF(92.9KB) |
|
|
Source |
International Journal of Computer Science and Security (IJCSS) |
|
Table of Contents |
|
|
Download
Complete Issue PDF(1.59MB) |
|
Volume: 6 Issue: 2 |
| |
Pages: |
|
Publication
Date: April 2012 |
|
ISSN
(Online): 1985-1553 |
|
|
|
|
|
Pages |
128 - 134 |
|
Author(s) |
|
|
|
Published
Date |
16-04-2012 |
|
Publisher |
CSC
Journals, Kuala Lumpur,
Malaysia |
|
ADDITIONAL
INFORMATION |
| Keywords Abstract References Cited by Related Articles Collaborative
Colleague |
| |
|
| |
KEYWORDS: IDS, Alert Management, Learning Vector Quantization, Alert Classification, True Positive and False Positive Classification |
|
|
| |
|
|
| No
record found |
| |
|
| |
|
|
| Intrusion detection system (IDS) is used to produce security alerts to discover attacks against protected network and/or computer systems. IDSs generate high amount of security alerts and analyzing these alert by a security expert are time consuming and error pron. IDS alert management system are used to manage generated alerts and classify true positive and false positives alert. This paper represents an IDS alert management system that uses learning vector quantization technique to classify generated alerts. Because of low classification time per each alert, the system also could be used in active alert management systems. |
| |
|
| |
|
| |
| 1 |
H. Debar, M. Dacier, and A. Wespi. "Towards a taxonomy of intrusion-detection systems”, COMPUT. NETWORKS, Vol. 31, Issue: 8, pp.: 805-822, 1999.
|
|
|
| 2 |
Kohonen, T, "Self-Organized Maps", Springer series in information. Science Berlin Heidelberg, 1997.
|
|
|
| 3 |
Amir Azimi Alasti Ahrabi, Ahmad Habibizad Navin, Hadi Bahrbegi, Mir Kamal Mirnia, Mehdi Bahrbegi, Elnaz Safarzadeh, Ali Ebrahimi, "A New System for Clustering and Classification of Intrusion Detection System Alerts Using Self-Organizing Maps", International Journal of Computer Science and Security (IJCSS), Vol. 4, Issue 6, pp. 589 – 597, 2010.
|
|
|
| 4 |
K. Julisch, "Clustering intrusion detection alarms to support root cause analysis", ACM Trans. on Information and System Security, Vol. 6, Issue 4, pp. 443 – 471, 2003.
|
|
|
| 5 |
Maheyzah, M. S., Mohd Aizaini, M., and Siti Zaiton, M. H. (2009), "Intelligent Alert Clustering Model for Network Intrusion Analysis", Int. Jurnal in Advances Soft Computing and Its Applications (IJASCA), Vol. 1, Issue 1, pp. 33 – 48, 2009.
|
|
|
| 6 |
Wang, J., Wang, H., Zhao, G., "A GA-based Solution to an NP-hard Problem of Clustering Security Events", IEEE, pp. 2093- 2097, 2006.
|
|
|
| 7 |
Wang J., Baojiang Cui, "Clustering IDS Alarms with an IGA-based Approach", ICCCAS, pp. 586-591, 2009.
|
|
|
| 8 |
Cuppens F., “Managing alerts in a multi-intrusion detection environment”, Proceedings of the 17th Annual Computer Security Applications Conference on, pp. 22-31, 2001.
|
|
|
| 9 |
Bahrbegi H., Navin A.H., Ahrabi A.A.A., Mirnia M. K., Mollanejad A., "A new system to evaluate GA-based clustering algorithms in Intrusion Detection alert management system", Nature and Biologically Inspired Computing (NaBIC), Second World Congress on, pp. 115 – 120, 2010.
|
|
|
| 10 |
MIT Lincoln Lab., DARPA 1998 Intrusion Detection Evaluation Datasets. Available: http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1998data.html, 1998.
|
|
|
| 11 |
Snort: The open source network intrusion detection system. Available: http://www.snort.org/.
|
|
|
| 12 |
Brugger S. T., J. Chow, "An Assessment of the DARPA IDS Evaluation Dataset Using Snort", UC Davis Technical Report CSE-2007-1, Davis, CA, 2007.
|
|
|
| 13 |
Snort Manual, www.snort.org/assets/82/snort_manual.pdf.
|
|
|
| 14 |
Neural Network Toolbox, "ANN Toolbox for MATLAB", www.mathworks.com/products/neuralnetwork, 2011.
|
|
|
| 15 |
Matlab Software, http://www.mathworks.com.
|
|
|
| 16 |
E. MIRADOR, "Mirador: a cooperative approach of IDS", European Symposium on Research in Computer Security (ESORICS). Toulouse, France, 2000.
|
|
|
| 17 |
Debar H., Wespi A., "Aggregation and Correlation of Intrusion-Detection Alerts", Proceeding RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, pp.:87-105, 2001.
|
|
|
| 18 |
Krovi R., "Genetic Algorithm for Clustering: A preliminary investigation", Proceeding on 25th Hawaii International Conference on Systems Sciences (HICSS), pp. 540–544, 1992.
|
|
|
| 19 |
Krishna K., Murty M., "Genetic K-means algorithm", IEEE Transactions on Systems, Man and Cybernetics - Part B: Cybernetics, pp. 433-439, 1999.
|
|
|
| 20 |
Fuyan L., Chouyong C., Shaoyi L., "An Improved Genetic Approach", International Conference on Neural Networks and Brain, pp. 641-644, 2005.
|
|
|
| 21 |
Lu Y., Lu S., Fotouhi F., Deng Y., Brown J. S., "FGKA: a Fast Genetic K-means Clustering Algorithm", Proceeding of the ACM Symposium on Applied computing (SAC), Nicosia, Cyprus, pp. 622-623, 2004.
|
|
|
| 22 |
Nuovo A. D. G., Catania V., Palesi M., "The Hybrid Genetic Fuzzy C-means: a Reasoned Implementation", Proceedings of the 7th WSEAS International Conference on Fuzzy Systems, ACM, pp. 33-38, 2006.
|
|
|
| |
|
| |
|
| |
| |
|
| |
|
| |
| |
|
| |
|
| |
|
| Amir Azimi Alasti Ahrabi : Colleagues
|
|
| Kaveh Feyzi : Colleagues
|
|
| Zahra Atashbar Orang : Colleagues
|
|
| Hadi Bahrbegi : Colleagues
|
|
| Elnaz Safarzadeh : Colleagues
|
|
|
|
|
|
|
|
|
|
|
