Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation

机译：PCA和无监督学习算法的入侵警报关联智能聚类

获取原文

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

As security threats advance in a drastic way, most of the organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even for a day and overwhelmed security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results show using DARPA 2000 dataset the proposed model gives better results in terms of the clustering accuracy and processing time.

机译：随着安全威胁的急剧发展，大多数组织都实施了多个网络入侵检测系统（NIDS）以优化检测并提供入侵活动的全面视图。但是，NIDS即使一天仍会触发大量警报，并且使安全专家不知所措。因此，自动和智能集群对于通过将警报与通用属性进行分组来揭示其结构相关性很重要。我们提出了一种新的混合聚类模型，该模型基于改进的单位范围（IUR），主成分分析（PCA）和无监督学习算法（期望最大化）来聚合相似警报并减少警报数量。我们针对其他无监督学习算法进行了测试，以验证所提出模型的性能。我们的经验结果表明，使用DARPA 2000数据集，该模型在聚类精度和处理时间方面给出了更好的结果。

著录项

来源
《The Fifth International Conference on Information Assurance and Security(第五届信息保障与安全国际会议）论文集》|2009年|679-682|共4页
会议地点 Xi'an(CN);Xi'an(CN)
作者
Maheyzah Md Siraj; Mohd Aizaini Maarof; Siti Zaiton Mohd Hashim;
展开▼
作者单位

Faculty of Computer Science and Information Systems Universiti Teknologi Malaysia 81310 Skudai Johor Malaysia;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
alert correlation; alert clustering; unsupervised learning; PCA; Expectation Maximization;

机译：警报关联；警报集群；无监督学习； PCA；期望最大化;

相似文献

外文文献
中文文献
专利

1. Alert correlation in collaborative intelligent intrusion detection systems - A survey [J] . Huwaida Tagelsir Elshoush, Izzeldin Mohamed Osman Applied Soft Computing . 2011,第7期

机译：协作智能入侵检测系统中的警报关联-调查
2. Intelligent Alert Clustering Model for Network Intrusion Analysis [J] . Maheyzah Md Siraj, Mohd Aizaini Maarof, Siti Zaiton Mohd Hashim International Journal of Advances in Soft Computing and Its Applications . 2009,第1期

机译：用于网络入侵分析的智能警报聚类模型
3. A novel unsupervised feature-based approach for electricity theft detection using robust PCA and outlier removal clustering algorithm [J] . Hussain Saddam, Mustafa Mohd Wazir, Jumani Touqeer Ahmed, European transactions on electrical power engineering . 2020,第11期

机译：一种新颖的无监督特征的电力盗窃检测方法，使用鲁棒PCA和异常删除聚类算法
4. Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation [C] . Maheyzah Md Siraj, Mohd Aizaini Maarof, Siti Zaiton Mohd Hashim International Conference on Information Assurance and Security . 2009

机译：智能聚类与PCA和无监督学习算法在入侵警报相关性中
5. Correlating intrusion alerts with unsupervised learning. [D] . Smith, Reuben. 2006

机译：将入侵警报与无监督学习相关联。
6. Intrusion-Aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks [O] . Riaz Ahmed Shaikh, Hassan Jameel, Brian J. d’Auriol, 2009

机译：无线传感器网络协同分布式入侵检测方案的入侵感知警报验证算法
7. Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation [O] . Maheyzah Md Siraj, Mohd Aizaini Maarof, Siti Zaiton, 2015

机译：基于pCa和无监督学习算法的入侵报警关联智能聚类

Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅