A New System for Clustering and Classification of Intrusion Detection System Alerts Using Self-Organizing Maps
Amir Azimi Alasti Ahrabi, Ahmad Habibizad Navin, Hadi Bahrbegi, Mir Kamal Mirnia, Mehdi Bahrbegi, Elnaz Safarzadeh, Ali Ebrahimi
Pages - 589 - 597     |    Revised - 31-01-2011     |    Published - 08-02-2011
Volume - 4   Issue - 6    |    Publication Date - January / February
KEYWORDS
IDS, alert clustering, SOM, false positive alert reduction, alert classification
ABSTRACT
Intrusion Detection Systems (IDS) protect the systems used by organizations against threats that grow as network connectivity increases. The main drawbacks of IDS are the large number of alerts generated and the high proportion of false positives among them. Using a Self-Organizing Map (SOM), a system is proposed that clusters and classifies IDS alerts and reduces false positive alerts. Alert filtering and cluster merging algorithms are also introduced to improve the accuracy of the proposed system. Experimental results on the DARPA KDD Cup 98 dataset show that the system is able to cluster and classify alerts and reduces false positive alerts considerably.
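As an added illustration, not code from the paper, the following Python script walks through the pipeline the abstract describes: Snort-like alerts are mapped to numeric feature vectors, a small SOM clusters them, each map unit is labelled by majority vote of the training alerts that land on it, adjacent same-label units are merged into clusters, and incoming alerts whose unit carries the false-positive label are filtered out. The feature encoding, the 6x6 map and training schedule, the majority-vote labelling, the nearest-labelled-unit fallback and the adjacency merge rule are all assumptions of this example rather than the authors' algorithms, and the alert records are constructed, not real sensor output.

```python
"""SOM-based clustering, classification and filtering of IDS alerts (added example)."""
import math
import random
from collections import Counter, deque

# Constructed Snort-like alert records (not real captures). label "attack" = genuine
# event; label "fp" = known false positive (ICMP chatter, the organisation's own
# vulnerability scanner hitting service ports). Labels are assumed analyst-reviewed.
ALERTS = [
    {"sid": 1100, "priority": 1, "proto": "tcp",  "dst_port": 80,    "count": 3,  "label": "attack"},
    {"sid": 1101, "priority": 1, "proto": "tcp",  "dst_port": 443,   "count": 5,  "label": "attack"},
    {"sid": 1102, "priority": 1, "proto": "tcp",  "dst_port": 22,    "count": 2,  "label": "attack"},
    {"sid": 2000, "priority": 2, "proto": "tcp",  "dst_port": 50000, "count": 50, "label": "attack"},
    {"sid": 2001, "priority": 2, "proto": "tcp",  "dst_port": 51234, "count": 45, "label": "attack"},
    {"sid": 2002, "priority": 2, "proto": "tcp",  "dst_port": 60000, "count": 42, "label": "attack"},
    {"sid": 4000, "priority": 3, "proto": "icmp", "dst_port": 0,     "count": 12, "label": "fp"},
    {"sid": 4000, "priority": 3, "proto": "icmp", "dst_port": 0,     "count": 15, "label": "fp"},
    {"sid": 4001, "priority": 3, "proto": "icmp", "dst_port": 0,     "count": 18, "label": "fp"},
    {"sid": 3000, "priority": 3, "proto": "tcp",  "dst_port": 8080,  "count": 40, "label": "fp"},
    {"sid": 3001, "priority": 3, "proto": "tcp",  "dst_port": 8443,  "count": 38, "label": "fp"},
    {"sid": 3002, "priority": 3, "proto": "tcp",  "dst_port": 3306,  "count": 44, "label": "fp"},
]
PROTO = {"tcp": 0.0, "udp": 0.5, "icmp": 1.0}

def features(a):
    """Assumed encoding: alert -> [severity, protocol, port class, volume] in [0,1]^4."""
    severity = (3 - a["priority"]) / 2                      # Snort priority 1 (high) -> 1.0
    port = a["dst_port"]
    port_class = 0.0 if port < 1024 else (0.5 if port < 49152 else 1.0)
    volume = min(a["count"], 50) / 50                       # repeated firings of one rule
    return [severity, PROTO[a["proto"]], port_class, volume]

def dist2(u, v):
    return sum((x - y) ** 2 for x, y in zip(u, v))

class SOM:
    """Plain Kohonen map: rectangular grid, Gaussian neighbourhood, linear decay."""
    def __init__(self, rows, cols, dim, seed=7):
        rng = random.Random(seed)                            # fixed seed -> reproducible map
        self.rows, self.cols = rows, cols
        self.w = [[rng.random() for _ in range(dim)] for _ in range(rows * cols)]

    def pos(self, i):
        return divmod(i, self.cols)

    def bmu(self, x):                                        # best matching unit index
        return min(range(len(self.w)), key=lambda i: dist2(self.w[i], x))

    def train(self, data, epochs=40, lr0=0.5):
        radius0, steps, t = max(self.rows, self.cols) / 2, epochs * len(data), 0
        for _ in range(epochs):
            for x in data:
                frac = t / steps
                lr, radius = lr0 * (1 - frac), 0.5 + radius0 * (1 - frac)
                br, bc = self.pos(self.bmu(x))
                for i, w in enumerate(self.w):
                    r, c = self.pos(i)
                    h = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * radius * radius))
                    for k in range(len(w)):                  # pull unit toward the sample
                        w[k] += lr * h * (x[k] - w[k])
                t += 1

class AlertClassifier:
    """Label each hit unit by majority vote of the training alerts mapped to it."""
    def __init__(self, som, alerts):
        self.som, votes = som, {}
        for a in alerts:
            votes.setdefault(som.bmu(features(a)), []).append(a["label"])
        self.unit_label = {u: Counter(v).most_common(1)[0][0] for u, v in votes.items()}

    def classify(self, alert):
        x, u = features(alert), self.som.bmu(features(alert))
        if u not in self.unit_label:                         # unit never hit in training:
            u = min(self.unit_label, key=lambda i: dist2(self.som.w[i], x))  # nearest labelled
        return self.unit_label[u]

    def clusters(self):
        """Assumed merge rule: 4-adjacent units with the same label form one cluster."""
        seen, out = set(), []
        for start in self.unit_label:
            if start in seen:
                continue
            lab, group, q = self.unit_label[start], [], deque([start])
            seen.add(start)
            while q:
                u = q.popleft()
                group.append(u)
                r, c = self.som.pos(u)
                for nr, nc in ((r + 1, c), (r - 1, c), (r, c + 1), (r, c - 1)):
                    n = nr * self.som.cols + nc
                    if (0 <= nr < self.som.rows and 0 <= nc < self.som.cols
                            and n not in seen and self.unit_label.get(n) == lab):
                        seen.add(n)
                        q.append(n)
            out.append((lab, sorted(group)))
        return out

def filter_alerts(clf, alerts):
    """Alert filtering: keep alerts classified as attacks; return (kept, suppressed count)."""
    kept = [a for a in alerts if clf.classify(a) == "attack"]
    return kept, len(alerts) - len(kept)

def build():
    som = SOM(6, 6, 4)
    som.train([features(a) for a in ALERTS])
    return AlertClassifier(som, ALERTS)

def training_accuracy(clf):
    return sum(clf.classify(a) == a["label"] for a in ALERTS) / len(ALERTS)

if __name__ == "__main__":
    clf = build()
    print("training accuracy:", training_accuracy(clf))
    print("merged clusters:", clf.clusters())
    print("kept/suppressed:", filter_alerts(clf, ALERTS)[1])
```

The map is only as good as the labelled history it is trained on: an attack class that never appears in training lands on whichever labelled unit is nearest, so in practice the suppressed stream should still be sampled and reviewed, and the unit labels re-derived whenever the rule set or the network changes.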
CITED BY (6)  
1 Feshki, M. G., Sojoodi, O., & Anvary, M. D. (2015). Managing Intrusion Detection Alerts Using Support Vector Machines. International Journal of Computer Science and Security (IJCSS), 9(5), 266.
2 Anvary, M. D., Feshki, M. G., & Ahrabi, A. A. A. (2015). Efficient Security Alert Management System. International Journal of Computer Science and Security (IJCSS), 9(4), 218.
3 Masdari, M., & Bakhtiari, F. C. (2014). Alert Management System using K-means Based Genetic for IDS. International Journal of Security and Its Applications, 8(5), 109-118.
4 Ahrabi, A. A. A., Feyzi, K., Orang, Z. A., Bahrbegi, H., Safarzadeh, E., Azimi, A., & Ahrabi, A. (2012). Using Learning Vector Quantization in Alert Management of Intrusion Detection System. International Journal of Computer Science and Security, 6(2), 128.
5 Bhatti, D. G., Virparia, P. V., & Patel, B. (2012). Conceptual Framework for Soft Computing based Intrusion Detection to Reduce False Positive Rate. International Journal of Computer Applications, 44(13), 1-3.
6 Orang, Z. A., Moradpour, E., Navin, A. H., Ahrabim, A. A. A., & Mirnia, M. K. (2012). Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems. International Journal of Computer Network and Information Security (IJCNIS), 4(11), 32.
Mr. Amir Azimi Alasti Ahrabi, Industrial Management Institute, Iran, amir.azimi.alasti@gmail.com
Dr. Ahmad Habibizad Navin, Iran
Dr. Hadi Bahrbegi, Iran
Dr. Mir Kamal Mirnia, Iran
Dr. Mehdi Bahrbegi, Iran
Dr. Elnaz Safarzadeh, Iran
Dr. Ali Ebrahimi, Iran