An Alert Aggregation Algorithm Based on Iterative Self-Organization

Cited by: 9
Authors
Man, Dapeng [1 ]
Yang, Wu [1 ]
Wang, Wei [1 ]
Xuan, Shichang [1 ]
Affiliations
[1] Harbin Engn Univ, Informat Secur Res Ctr, Harbin 150001, Peoples R China
Source
2012 INTERNATIONAL WORKSHOP ON INFORMATION AND ELECTRONICS ENGINEERING | 2012 / Vol. 29
Keywords
network security; intrusion detection system; alert aggregation; iterative self-organization; clustering algorithm;
DOI
10.1016/j.proeng.2012.01.435
Chinese Library Classification (CLC) code
TH [Mechanical and Instrument Industry];
Discipline classification code
0802 ;
Abstract
Considering the problem that intrusion detection systems always produce duplicated alarm information, this paper proposes an iterative self-organization clustering algorithm. Starting from randomly selected initial centers, it computes the mean of each class as the new clustering center, merges and splits classes dynamically, and completes the clustering procedure through iteration. Experimental results on the DARPA1999 test data set show that the clustering method outperforms traditional clustering methods in both aggregation rate and error aggregation rate. It also reduces duplicated alarms effectively and supports further related work. (C) 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of Harbin University of Science and Technology
Pages: 3033 / 3038
Page count: 6