A GA-based Solution to an NP-hard Problem of Clustering Security Events

Authors: Jianxin Wang, Hongzhou Wang, Geng Zhao

DOI: 10.1109/ICCCAS.2006.284911

Keywords: Crossover, Algorithm, Computational complexity theory, A priori and a posteriori, Computer science, Approximation algorithm, Genetic algorithm, Cluster analysis, False positive paradox, Correlation clustering

Abstract: The clustering approach forwarded by Klaus Julisch is considerably effectual in eliminating false positives and finding root causes among a huge amount of security events. But the problem was unfortunately proved to be an NP-hard one. In this paper, a GA-based algorithm is forwarded, which is much more effective than the original approximation algorithm of Julisch. The coding scheme and the genetic operations, including selection, crossover and mutation, are discussed in detail. To validate the quality of the newly-forwarded approach, a tree-version apriori algorithm is given, which is quite time-consuming but able to produce an absolutely accurate solution, and is used for comparison within a feasible period of time. The results show that the approach is valid and efficient and can find the optimal clusters or very similar ones.

References (9)
K. Julisch. Mining alarm clusters to improve alarm handling efficiency. Annual Computer Security Applications Conference, pp. 12-21 (2001). DOI: 10.1109/ACSAC.2001.991517
Klaus Julisch, Marc Dacier. Mining intrusion detection alarms for actionable knowledge. Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining (KDD '02), pp. 366-375 (2002). DOI: 10.1145/775047.775101
Stefanos Manganaris, Marvin Christensen, Dan Zerkle, Keith Hermiz. A data mining analysis of RTID alarms. Recent Advances in Intrusion Detection, vol. 34, pp. 571-577 (2000). DOI: 10.1016/S1389-1286(00)00138-9
Klaus Julisch. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, vol. 6, pp. 443-471 (2003). DOI: 10.1145/950191.950192
Jianxin Wang, Geng Zhao, Weidong Zhang. A subjective distance for clustering security events. International Conference on Communications, Circuits and Systems, vol. 1, pp. 74-78 (2005). DOI: 10.1109/ICCCAS.2005.1493365
Rakesh Agrawal, Tomasz Imieliński, Arun Swami. Mining association rules between sets of items in large databases. Proceedings of the 1993 ACM SIGMOD international conference on Management of data (SIGMOD '93), vol. 22, pp. 207-216 (1993). DOI: 10.1145/170035.170072
Rebecca Gurley Bace. Intrusion detection (1999).