Universiti Teknologi Malaysia Institutional Repository

Intelligent clustering with PCA and unsupervised learning algorithm in intrusion alert correlation

Md. Siraj, Maheyzah and Maarof, Mohd. Aizaini and Mohd. Hashim, Siti Zaiton (2009) Intelligent clustering with PCA and unsupervised learning algorithm in intrusion alert correlation. In: The 5th International Conference on Information Assurance and Security, 2009, Xian, China.


Official URL: http://ieeexplore.ieee.org/document/5283194/?part=...


As security threats advance in a drastic way, most of the organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even for a day and overwhelmed security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results show using DARPA 2000 dataset the proposed model gives better results in terms of the clustering accuracy and processing time.

Item Type:Conference or Workshop Item (Paper)
Uncontrolled Keywords:improve unit range
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computer Science and Information System (Formerly known)
ID Code:15334
Deposited By: Liza Porijo
Deposited On:26 Sep 2011 04:40
Last Modified:11 Oct 2017 04:19

Repository Staff Only: item control page