Filtering intrusion detection alarms

Cluster Computing

Volumn 13, Issue 1, 2010, Pages 19-29

  Mansour, Nashat ^a   Chehab, Maya I ^a   Faour, Ahmad ^b  

^a LEBANESE AMERICAN UNIVERSITY   (Lebanon)

^b LEBANESE UNIVERSITY   (Lebanon)

Author keywords

Alarm filtering; Computer security; Growing hierarchical self organizing map; Intrusion detection; Self organizing map

Indexed keywords

COMPUTER SECURITY; DATA MINING TECHNIQUES; EMPIRICAL RESULTS; FALSE ALARMS; FALSE POSITIVE; GROWING HIERARCHICAL SELF-ORGANIZING MAPS; INTRUSION DATA; ITS ARCHITECTURE; MAKING DECISION; NETWORK ADMINISTRATOR; NETWORK INTRUSION DETECTION SYSTEMS; REAL-WORLD; UNSUPERVISED TRAINING;

ALARM SYSTEMS; COMPUTER CRIME; CONFORMAL MAPPING; DATA MINING; NETWORK SECURITY;

INTRUSION DETECTION;

EID: 77649235431     PISSN: 13867857     EISSN: 15737543     Source Type: Journal    
DOI: 10.1007/s10586-009-0096-9     Document Type: Article

References (15)

1. Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proc. 23rd IEEE Symposium on Security and Privacy, pp. 202-215. Toulouse, France (2002).
2. Faour, A., Leray, P., Eter, B.: Automated filtering of network intrusion detection alerts. In: Proc. 1st Joint Conf. on Security in Network Architectures and Security of Information Systems, pp. 277-291. Seignosse, France (2006).
3. Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proc. International Conference on Knowledge Discovery and Data Mining, pp. 366-375. Edmonton, Canada (2002).
4. Kayacik, H. G., Zincir-Heywood, A. N., Heywood, M. I.: On the capability of SOM based intrusion detection systems. In: Proc. IEEE International Joint Conference on Neural Networks, pp. 1808-1813 (2003).
5. Kayacik, H. G., Zincir-Heywood, A. N., Malcolm, I.: A hierarchical SOM-based intrusion detection system. Eng. Appl. Artificial Intell. 20(4), 439-451 (2007).
6. Kohonen, T.: Self-Organizing Maps. Springer, Berlin (1995).
7. Kruegel, C., Robertson, W., Vigna, G.: Using alert verification to identify successful intrusion attempts. Pract. Inf. Process. Commun. 27(4), 220-228 (2004).
8. Lichodzijewski, P., Zincir-Heywood, A. N., Heywood, M. I.: Host-based intrusion detection using self-organizing maps. In: Proc. IEEE International Joint Conference on Neural Networks, pp. 1714-1719. Honolulu (2002).
9. MatLab Software: The Language of technical computing. Version 6. 0. 0. 88.
10. Ning, P., Xu, D.: Learning attack strategies from intrusion alerts. In: Proc. 10th ACM Conf. on Computer and Communications Security, pp. 200-209. Washington D. C. (2003).
11. Pampalk, E., Widmer, G., Chan, A.: A new approach to hierarchical clustering and structuring of data with self-organizing maps. Intell. Data Analysis J. 8(2), 131-149 (2003).
12. Rachman, O.: Baseline analysis of security data. Securimine Software Inc. (2005). www. securimine. com.
13. Rauber, A., Merkl, D., Dittenbach, M.: The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data. IEEE Trans. Neural Netw. 13(6), 1331-1341 (2002).
14. Xiao, Y., Han, C.: Correlating intrusion alerts into attack scenarios based on improved evolving self-organizing maps. Int. J. Comput. Sci. Netw. Secur. 6(6), 199-203 (2006).
15. Zanero, S.: Improving self-organizing map performance for network intrusion detection. In: International Workshop on Clustering High-Dimensional Data and its Applications. SIAM Conference on Data Mining (2005).