Hierarchically Clustering IDS Alarms Using a GA with Vary-lengthed Chromosomes

Authors: Aiguo Fei, Xiaoli Dong

DOI: 10.1109/ISIP.2010.96

Keywords:

Abstract: Intrusion detection systems (IDS) usually trigger a great number of alarm messages that frequently overwhelm their human operators. Hierarchical clustering can help IDS operators obtain meaningful overviews of the alarms. A dilemma is encountered when the clusters are generated. If they are obtained one by one, they cannot be prevented from overlapping each other, which is quite likely to mislead the operator; if they are generated in a batch, the total number of clusters must be guessed before clustering, which means possibly imprecise clusters or repeated runs. In this paper, we propose a GA (genetic algorithm)-based approach in which vary-lengthed chromosomes are adopted instead of fixed-lengthed ones. The encoding scheme, in which different numbers of clusters are encoded into different chromosome lengths, and the other genetic operations, such as selection, crossover and mutation, are discussed in detail. The results of several experiments are encouraging, indicating that the newly proposed approach can efficiently generate a fitting, high-quality batch of clusters.
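The following is an added illustration written for this page, not code from the paper or its authors: a small genetic algorithm in Python in which each chromosome is a list of cluster centroids, so the number of clusters is encoded in the chromosome's length, and crossover and mutation are written so that they can change that length. The alarms are constructed two-dimensional feature vectors, and the fitness function (within-cluster squared error plus an assumed per-cluster penalty), the k-means-style centroid refinement used to decode a chromosome, and all parameter values are assumptions of this example rather than anything the abstract specifies. It produces a single level of clusters; the paper's hierarchy would come from applying the same search again inside each cluster.

```python
import random

# Constructed sample input (not from the paper): each IDS alarm is reduced to two
# numeric features, e.g. a destination-port bucket and a signature-id bucket, so
# that an alarm is a point and a cluster is a centroid. Three visible groups of six.
ALARMS = [
    (10, 10), (12, 11), (8, 9), (11, 8), (9, 12), (12, 12),      # group A
    (50, 50), (52, 51), (48, 49), (51, 48), (49, 52), (52, 52),  # group B
    (90, 10), (92, 11), (88, 9), (91, 8), (89, 12), (92, 12),    # group C
]

# Assumed cost charged per cluster in the fitness function; without it the GA would
# converge on one cluster per alarm (zero error, but no overview for the operator).
CLUSTER_PENALTY = 100.0


def sq_dist(a, b):
    return (a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2


def assign(chromosome, alarms):
    """Label every alarm with the index of its nearest centroid in the chromosome."""
    return [min(range(len(chromosome)), key=lambda i: sq_dist(a, chromosome[i]))
            for a in alarms]


def refine(chromosome, alarms):
    """Decode step (assumed, k-means style): move each centroid to the mean of its
    members and drop centroids that own no alarm, so a chromosome can also shrink."""
    labels = assign(chromosome, alarms)
    refined = []
    for i in range(len(chromosome)):
        members = [a for a, lab in zip(alarms, labels) if lab == i]
        if members:
            refined.append((sum(m[0] for m in members) / len(members),
                            sum(m[1] for m in members) / len(members)))
    return refined


def fitness(chromosome, alarms):
    """Lower is better: within-cluster squared error plus a penalty per cluster."""
    labels = assign(chromosome, alarms)
    sse = sum(sq_dist(a, chromosome[lab]) for a, lab in zip(alarms, labels))
    return sse + CLUSTER_PENALTY * len(chromosome)


def tournament(population, alarms, rng):
    """Binary tournament selection: the fitter of two random chromosomes wins."""
    a, b = rng.sample(population, 2)
    return a if fitness(a, alarms) <= fitness(b, alarms) else b


def crossover(p1, p2, rng):
    """One-point crossover with an independent cut point in each parent, so the two
    children generally differ in length from both parents."""
    c1, c2 = rng.randint(1, len(p1)), rng.randint(1, len(p2))
    return p1[:c1] + p2[c2:], p2[:c2] + p1[c1:]


def mutate(chromosome, alarms, rng, rate=0.3):
    """Length-aware mutation: jitter one centroid, insert a centroid seeded from a
    random alarm (length + 1), or delete a centroid (length - 1)."""
    c = list(chromosome)
    if rng.random() < rate:
        op = rng.choice(["jitter", "insert", "delete"])
        if op == "jitter":
            i = rng.randrange(len(c))
            c[i] = (c[i][0] + rng.uniform(-5, 5), c[i][1] + rng.uniform(-5, 5))
        elif op == "insert" and len(c) < len(alarms):
            c.append(rng.choice(alarms))
        elif op == "delete" and len(c) > 1:
            c.pop(rng.randrange(len(c)))
    return c


def cluster_alarms(alarms, pop_size=30, generations=60, seed=1):
    """Evolve a population of variable-length chromosomes; return the best centroids
    together with the alarm-to-cluster labels. Seeded so that runs are repeatable."""
    rng = random.Random(seed)
    population = [refine([rng.choice(alarms) for _ in range(rng.randint(1, 6))], alarms)
                  for _ in range(pop_size)]
    for _ in range(generations):
        population.sort(key=lambda c: fitness(c, alarms))
        nxt = [population[0]]  # elitism: the best chromosome always survives
        while len(nxt) < pop_size:
            p1 = tournament(population, alarms, rng)
            p2 = tournament(population, alarms, rng)
            for child in crossover(p1, p2, rng):
                nxt.append(refine(mutate(child, alarms, rng), alarms))
        population = nxt[:pop_size]
    best = min(population, key=lambda c: fitness(c, alarms))
    return best, assign(best, alarms)


if __name__ == "__main__":
    centroids, labels = cluster_alarms(ALARMS)
    print(f"{len(centroids)} clusters, fitness {fitness(centroids, ALARMS):.1f}")
    for lab, c in enumerate(centroids):
        print(f"cluster {lab}: centroid ({c[0]:.1f}, {c[1]:.1f}), {labels.count(lab)} alarms")
```

The point of the design is that the number of clusters is never fixed up front: it changes through crossover cuts at independent positions, through insert/delete mutations, and through decoding, which discards centroids that own no alarm. The per-cluster penalty is what stops the search from degenerating into one cluster per alarm; with a real alarm set its value would have to be tuned to the feature scales, and the batch of clusters returned is disjoint by construction, which is the overlap problem the abstract describes.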
