A new system to evaluate GA-based clustering algorithms in Intrusion Detection alert management system

Author

Bahrbegi, Hadi ; Navin, Ahmad Habibizad ; Ahrabi, Amir Azimi Alasti ; Mirnia, Mir Kamal ; Mollanejad, Amir

Author_Institution

I.A.U. of Shabestar, Tabriz, Iran

fYear

2010

fDate

15-17 Dec. 2010

Firstpage

115

Lastpage

120

Abstract

Intrusion Detection Systems (IDS) allow to protect systems used by organizations against threats that emerges network connectivity by increasing. The main drawbacks of IDS are the number of alerts generated and failing. Thus in this paper an alert clustering and classification system are proposed. It is able to classify IDS alerts and reduces false positive alerts using clustering of genetic algorithms. To improve the accuracy of the proposed system alert filtering algorithm are used. To achieve the best accuracy in false positive alert reduction and true positive alert clustering and classification, several genetic algorithms are compared. In addition to the known clustering algorithms, two new clustering algorithms are introduced based on Genetic Algorithm and compared with others. By the experimental results on DARPA KDD cup 98 the system is able to cluster and classify alerts and causes reducing false positive alerts considerably.

Keywords

genetic algorithms; pattern classification; pattern clustering; security of data; DARPA KDD cup 98; GA-based clustering algorithms; IDS; false positive alert reduction; genetic algorithms; intrusion detection alert management system; system alert filtering algorithm; true positive alert classification; true positive alert clustering; Clustering algorithms; Genetic Algorithm; IDS; alert classification; alert clustering; false positive alert reduction;

fLanguage

English

Publisher

ieee

Conference_Titel

Nature and Biologically Inspired Computing (NaBIC), 2010 Second World Congress on

Conference_Location

Fukuoka

Print_ISBN

978-1-4244-7377-9

Type

conf

DOI

10.1109/NABIC.2010.5716289

Filename

5716289