• DocumentCode
    1801512
  • Title
    Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation
  • Author
    Siraj, Maheyzah Md ; Maarof, Mohd Aizaini ; Hashim, Siti Z. M.
  • Author_Institution
    Fac. of Comput. Sci. & Inf. Syst., Univ. Teknol. Malaysia, Skudai, Malaysia
  • Volume
    1
  • fYear
    2009
  • fDate
    18-20 Aug. 2009
  • Firstpage
    679
  • Lastpage
    682
  • Abstract
    As security threats advance in a drastic way, most organizations implement multiple network intrusion detection systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even in a single day and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on improved unit range (IUR), principal component analysis (PCA) and an unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested it against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results on the DARPA 2000 dataset show that the proposed model gives better results in terms of clustering accuracy and processing time.
  • Keywords
    IP networks; expectation-maximisation algorithm; pattern clustering; principal component analysis; telecommunication security; unsupervised learning; IP address; IUR; NIDS; PCA; expectation maximization; improved unit range; intelligent clustering; intrusion alert correlation; network intrusion detection system; principal component analysis; unsupervised learning algorithm; Aggregates; Clustering algorithms; Computer security; Databases; Filters; Humans; Information security; Intrusion detection; Principal component analysis; Unsupervised learning; Expectation Maximization; PCA; alert clustering; alert correlation; unsupervised learning;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
  • Conference_Location
    Xian
  • Print_ISBN
    978-0-7695-3744-3
  • Type
    conf
  • DOI
    10.1109/IAS.2009.261
  • Filename
    5283194