Integration of PSO and K-means clustering algorithm for structural-based alert correlation model

Network-based Intrusion Detection Systems (NIDS) trigger alerts as notifications of abnormal activities detected in computing and networking resources. As Distributed Denial-of-Service (DDoS) attacks become more sophisticated, each attack consists of a series of events which in turn trigger a series of alerts. However, the alerts are produced in huge volume, are of low quality, and include repeated and false-positive alerts. This requires a clustering algorithm to correlate the alerts effectively and identify each unique attack. Soft computing, including bio-inspired algorithms, is explored to cluster the alerts optimally. This study therefore investigates the effect of a bio-inspired algorithm in an alert correlation (AC) model. Particle Swarm Optimization (PSO) is integrated with the K-Means clustering algorithm to conduct structural-based AC. It was tested on the benchmark DARPA 2000 dataset. The efficiency of the AC model was evaluated using clustering accuracy, error rate and processing time. Surprisingly, the experimental results show that K-Means alone works better than the integration of PSO and K-Means: K-Means gives 99.67% clustering accuracy while PSO with K-Means gives 92.71%. This indicates that a single clustering algorithm is sufficient for optimal structural-based AC, rather than the integrated PSO and K-Means.

Bibliographic Details
Main Authors: Ho, Hazelyn Wern Hua; Md. Siraj, Maheyzah; Mat Din, Mazura
Format: Article
Language: English
Published: Penerbit UTM Press, 2017
Subjects: QA75 Electronic computers. Computer science
Online Access:http://eprints.utm.my/id/eprint/80348/1/MazuraMatDin2017_IntegrationofPSOandK-MeansClustering.pdf
http://eprints.utm.my/id/eprint/80348/
https://ijic.utm.my/index.php/ijic/article/view/148
Citation: Ho, Hazelyn Wern Hua, Md. Siraj, Maheyzah and Mat Din, Mazura (2017). Integration of PSO and K-means clustering algorithm for structural-based alert correlation model. International Journal of Innovative Computing, 7 (2), pp. 34-39. ISSN 2180-4370. Peer reviewed.
Repository: UTM Institutional Repository, Universiti Teknologi Malaysia (http://eprints.utm.my/)