Filtering intrusion detection alarms
Mansour, Nashat and Chehab, Maya I. and Faour, Ahmad (2010) Filtering intrusion detection alarms. Cluster Computing, 13 (1). pp. 19-29. ISSN 1386-7857
Full text not available from this repository.

Abstract
A Network Intrusion Detection System (NIDS) is an alarm system for networks. NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is effective for real-world intrusion data.
Item Type: | Article |
---|---|
Additional Information: | Submitted to REF 2014, UoA 11, Maya Chehab |
Identification Number: | 10.1007/s10586-009-0096-9 |
Dates: | Date: 2010; Event: UNSPECIFIED |
Subjects: | CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science; CAH11 - computing > CAH11-01 - computing > CAH11-01-03 - information systems |
Divisions: | Faculty of Computing, Engineering and the Built Environment; Faculty of Computing, Engineering and the Built Environment > College of Computing |
Date Deposited: | 07 Jun 2016 12:33 |
Last Modified: | 22 Mar 2023 12:02 |
URI: | https://www.open-access.bcu.ac.uk/id/eprint/248 |