Title :
A new system to evaluate GA-based clustering algorithms in Intrusion Detection alert management system
Author :
Bahrbegi, Hadi ; Navin, Ahmad Habibizad ; Ahrabi, Amir Azimi Alasti ; Mirnia, Mir Kamal ; Mollanejad, Amir
Author_Institution :
I.A.U. of Shabestar, Tabriz, Iran
Abstract :
Intrusion Detection Systems (IDS) protect the systems used by organizations against threats that emerge from increasing network connectivity. The main drawbacks of IDS are the number of alerts generated and the failures among them. Thus, in this paper an alert clustering and classification system is proposed. It is able to classify IDS alerts and reduce false positive alerts using clustering based on genetic algorithms. To improve the accuracy of the proposed system, an alert filtering algorithm is used. To achieve the best accuracy in false positive alert reduction and in true positive alert clustering and classification, several genetic algorithms are compared. In addition to the known clustering algorithms, two new clustering algorithms based on Genetic Algorithm are introduced and compared with the others. Experimental results on DARPA KDD cup 98 show that the system is able to cluster and classify alerts and reduces false positive alerts considerably.
Keywords :
genetic algorithms; pattern classification; pattern clustering; security of data; DARPA KDD cup 98; GA-based clustering algorithms; IDS; false positive alert reduction; genetic algorithms; intrusion detection alert management system; system alert filtering algorithm; true positive alert classification; true positive alert clustering; Clustering algorithms; Genetic Algorithm; IDS; alert classification; alert clustering; false positive alert reduction
Conference_Title :
Nature and Biologically Inspired Computing (NaBIC), 2010 Second World Congress on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-7377-9
DOI :
10.1109/NABIC.2010.5716289