Alert correlation using a novel clustering approach

Since the birth of intrusion detection system (IDS) technology, the most significant implementation problem is the enormous number of alerts generated by the IDS sensors. Moreover, due to this obtrusive predicament, two other problems have emerged: the difficulty in processing the alerts accurately, and the decrease in performance rate in terms of time and memory capacity while processing these alerts. Thus, based on the specified problems, the purpose of our overall research is to construct a holistic solution that is able to reduce the number of alerts to be processed and at the same time to produce high-quality attack scenarios that are meaningful to the administrators in a timely manner. However, for the purpose of this paper we will present our proposed clustering method, architected solely with the intention of reducing the amount of alerts generated by the IDS. The clustering method was tested against live data from a cyber attack monitoring unit that uses the Snort engine to capture the alerts. The result obtained from the experiment is very promising: the clustering algorithm was able to reduce about 86.9% of the alerts used in the experiment. From the result we are able to highlight the contribution to practitioners in an actual working environment.

Bibliographic Details
Main Authors: Mohamed, Ashara Banu, Idris, Norbik Bashah, Shanmugam, Bharanidharan
Format: Book Section
Published: IEEE 2012
Subjects: QA75 Electronic computers. Computer science
Online Access:http://eprints.utm.my/id/eprint/34273/
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6200725
Citation: Mohamed, Ashara Banu, Idris, Norbik Bashah and Shanmugam, Bharanidharan (2012). Alert correlation using a novel clustering approach. In: Proceedings - International Conference on Communication Systems and Network Technologies, CSNT 2012. IEEE, New York, USA, pp. 720-725. ISBN 978-076954692-6. Peer reviewed.
DOI: 10.1109/CSNT.2012.212