DocumentCode :
614717
Title :
A two-stage technique to improve intrusion detection systems based on data mining algorithms
Author :
Fatma, Hachmi ; Mohamed, Laafou
Author_Institution :
ISG, Univ. of Tunis Tunisia, Tunis, Tunisia
fYear :
2013
fDate :
28-30 April 2013
Firstpage :
1
Lastpage :
6
Abstract :
An intrusion detection system (IDS) is the fundamental part of the security infrastructure, since it ensures the detection of any suspicious action. Although the detection of intrusions and attacks is the ultimate goal, the huge amount of generated alerts cannot be properly managed by the administrator. In order to improve the accuracy of sensors, we adopt a two-stage technique. The first one aims to generate meta-alerts through clustering and the second one aims to reduce the rate of false alarms using a binary classification of the generated meta-alerts. For the first stage we use two alternatives, self-organizing map (SOM) with k-means algorithm and neural GAS with fuzzy c-means algorithm. For the second stage we use three approaches, SOM with K-means algorithm, support vector machine and decision trees. Based on a public data set and several evaluation criteria, our proposed procedures are evaluated. Results show that our procedures outperform other competitor methods by reducing the rate of false positives.
Keywords :
data mining; decision trees; fuzzy set theory; pattern classification; pattern clustering; security of data; self-organising feature maps; IDS; SOM; attack detection; binary classification; clustering; data mining algorithm; decision tree; false alarm rate reduction; fuzzy c-means algorithm; intrusion detection system; k-means algorithm; meta-alert; neural GAS; security infrastructure; self-organizing map; support vector machine; Classification algorithms; Clustering algorithms; Databases; Silicon; Telecommunication traffic; Testing; IDS; alerts; binary classification; clustering; meta-alerts;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Modeling, Simulation and Applied Optimization (ICMSAO), 2013 5th International Conference on
Conference_Location :
Hammamet
Print_ISBN :
978-1-4673-5812-5
Type :
conf
DOI :
10.1109/ICMSAO.2013.6552542
Filename :
6552542