Title :
Growing Hierarchical Self-Organizing Map for Filtering Intrusion Detection Alarms
Author :
Shehab, Maya ; Mansour, Nashat ; Faour, Ahmad
Author_Institution :
Div. of Comput. Sci. and Math., Lebanese American Univ., Beirut
Abstract :
A network intrusion detection system (NIDS) monitors all network actions and generates alarms when it detects suspicious attempts. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a growing hierarchical self-organizing map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is useful for real-world intrusion data.
Keywords :
computer network management; data mining; decision making; information filtering; monitoring; self-organising feature maps; telecommunication security; unsupervised learning; data mining technique; decision making; decision support layer; growing hierarchical self-organizing map; intrusion detection alarm filtering; network action monitoring; network administration; network intrusion detection system; unsupervised training process; Computer displays; Computer science; Data mining; Data security; Electronic mail; Filtering algorithms; Intrusion detection; Mathematics; Parallel architectures; Quantization; alarm filtering; computer security; growing hierarchical self-organizing map; intrusion detection; self-organizing map;
Conference_Title :
Parallel Architectures, Algorithms, and Networks, 2008. I-SPAN 2008. International Symposium on
Conference_Location :
Sydney, NSW
Print_ISBN :
978-0-7695-3125-0
DOI :
10.1109/I-SPAN.2008.42