Universiti Teknologi Malaysia Institutional Repository

Integration of PSO and K-means clustering algorithm for structural-based alert correlation model

Ho, Hazelyn Wern Hua and Md. Siraj, Maheyzah and Mat Din, Mazura (2017) Integration of PSO and K-means clustering algorithm for structural-based alert correlation model. International Journal of Innovative Computing, 7 (2). pp. 34-39. ISSN 2180-4370


Official URL: https://ijic.utm.my/index.php/ijic/article/view/14...

Abstract

Network-based Intrusion Detection Systems (NIDS) trigger alerts as notifications of abnormal activity detected in computing and networking resources. As Distributed Denial-of-Service (DDoS) attacks become more sophisticated, each attack consists of a series of events which in turn trigger a series of alerts. However, the alerts are produced in huge volumes, are of low quality, and contain repeated and false-positive alerts. This calls for a clustering algorithm that correlates the alerts effectively so that each unique attack can be identified. Soft computing techniques, including bio-inspired algorithms, are explored to cluster the alerts optimally. This study therefore investigates the effect of a bio-inspired algorithm in an alert correlation (AC) model. Particle Swarming Optimization (PSO) is integrated with the K-Means clustering algorithm to perform structural-based AC. The model was tested on the DARPA 2000 benchmark dataset, and its efficiency was evaluated using clustering accuracy, error rate and processing time. Surprisingly, the experimental results show that K-Means alone works better than the integration of PSO and K-Means: K-Means gives 99.67% clustering accuracy, while PSO combined with K-Means gives 92.71%. This indicates that a single clustering algorithm is sufficient for optimal structural-based AC, rather than the integrated PSO and K-Means.

Item Type: Article
Uncontrolled Keywords: Structural-based Alert Correlation, DARPA 2000, Particle Swarming Optimization, K-Means, Clustering
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computing
ID Code: 80348
Deposited By: Fazli Masari
Deposited On: 10 May 2019 15:16
Last Modified: 10 May 2019 15:16
