Using Learning Vector Quantization in IDS Alert Management System
Amir Azimi Alasti Ahrabi, Kaveh Feyzi, Zahra Atashbar Orang, Hadi Bahrbegi, Elnaz Safarzadeh
Pages 128-134 | Revised 15-03-2012 | Published 16-04-2012
Volume 6, Issue 2 | Publication Date: April 2012
KEYWORDS
IDS, Alert Management, Learning Vector Quantization, Alert Classification, True Positive and False Positive Classification
ABSTRACT
An intrusion detection system (IDS) produces security alerts to reveal attacks against protected networks and/or computer systems. IDSs generate a large volume of alerts, and analysing them by hand is time-consuming and error-prone for a security expert. An IDS alert management system is used to manage the generated alerts and to classify them as true positives or false positives. This paper presents an IDS alert management system that uses the learning vector quantization (LVQ) technique to classify generated alerts. Because the classification time per alert is low, the system can also be used in active (on-line) alert management systems.
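To make the abstract's claim concrete, the following is an added illustration (not the paper's own code, model or data) of LVQ1, the basic learning vector quantization rule: labelled prototype vectors are pulled toward training alerts of their own class and pushed away from alerts of the other class, and classifying a new alert is a single nearest-prototype lookup, which is why per-alert classification cost stays at O(prototypes x features). The alert features (normalised priority, destination port and payload length) and the two synthetic clusters are constructed here purely for the demonstration; a real deployment would encode actual Snort alert fields and label them from ground truth.

```python
import random

# Constructed, synthetic alert features (not from the paper or any real IDS):
# [priority_norm, dst_port_norm, payload_len_norm], each scaled to [0, 1].
# Label 1 = true positive, 0 = false positive.
def make_alert_dataset(n_per_class=40, seed=7):
    rng = random.Random(seed)
    data = []
    for _ in range(n_per_class):
        # true positives: high priority, well-known service port, larger payloads
        data.append(([rng.gauss(0.8, 0.08), rng.gauss(0.2, 0.08), rng.gauss(0.75, 0.1)], 1))
        # false positives: low priority, high ephemeral ports, small payloads
        data.append(([rng.gauss(0.3, 0.08), rng.gauss(0.7, 0.08), rng.gauss(0.25, 0.1)], 0))
    rng.shuffle(data)
    return data


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


class LVQ1:
    """Kohonen's LVQ1: labelled prototypes, nearest-prototype classification."""

    def __init__(self, prototypes_per_class=2):
        self.k = prototypes_per_class
        self.prototypes = []  # list of (vector, label)

    def init_prototypes(self, data):
        # seed each class's prototypes with its first k training samples
        by_label = {}
        for x, y in data:
            by_label.setdefault(y, [])
            if len(by_label[y]) < self.k:
                by_label[y].append(list(x))
        self.prototypes = [(p, y) for y, ps in by_label.items() for p in ps]

    def nearest(self, x):
        # one pass over the prototypes: this is the whole per-alert classification cost
        return min(range(len(self.prototypes)),
                   key=lambda i: sq_dist(self.prototypes[i][0], x))

    def train(self, data, epochs=20, lr=0.1):
        self.init_prototypes(data)
        for epoch in range(epochs):
            rate = lr * (1 - epoch / epochs)  # linearly decaying learning rate
            for x, y in data:
                i = self.nearest(x)
                p, label = self.prototypes[i]
                sign = 1.0 if label == y else -1.0  # attract if correct, repel if wrong
                for d in range(len(p)):
                    p[d] += sign * rate * (x[d] - p[d])

    def classify(self, x):
        return self.prototypes[self.nearest(x)][1]


def accuracy(model, data):
    return sum(model.classify(x) == y for x, y in data) / len(data)


def train_and_evaluate(seed=7):
    # 60 alerts for training, 20 held out for testing
    data = make_alert_dataset(seed=seed)
    train, test = data[:60], data[60:]
    model = LVQ1(prototypes_per_class=2)
    model.train(train)
    return model, accuracy(model, test)


if __name__ == "__main__":
    model, acc = train_and_evaluate()
    print(f"held-out accuracy: {acc:.2f}")
    print("TP-like alert ->", model.classify([0.85, 0.15, 0.8]))
    print("FP-like alert ->", model.classify([0.30, 0.70, 0.2]))
```

The synthetic clusters are deliberately well separated, so the model reaches full accuracy on the held-out alerts; with overlapping real-world feature distributions the repulsion step (the `sign = -1.0` branch) is what lets LVQ1 carve the boundary between true and false positives, and the number of prototypes per class becomes the main tuning knob.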
CITED BY (2)  
1 Anvary, M. D., Feshki, M. G., & Ahrabi, A. A. A. (2015). Efficient Security Alert Management System. International Journal of Computer Science and Security (IJCSS), 9(4), 218.
2 Feshki, M. G., Sojoodi, O., & Anvary, M. D. (2015). Managing Intrusion Detection Alerts Using Support Vector Machines. International Journal of Computer Science and Security (IJCSS), 9(5), 266.
Mr. Amir Azimi Alasti Ahrabi
Islamic Azad University, Shabestar Branch - Iran
amir.azimi.alasti@gmail.com
Mr. Kaveh Feyzi
- Turkey
Mr. Zahra Atashbar Orang
Islamic Azad University, Shabestar Branch - Iran
Mr. Hadi Bahrbegi
Islamic Azad University, Shabestar Branch - Iran
Mr. Elnaz Safarzadeh
Islamic Azad University, Shabestar Branch - Iran