过滤入侵检测告警的增长层次自组织映射

2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008) Pub Date : 2008-05-07 DOI:10.1109/I-SPAN.2008.42

Maya Shehab, N. Mansour, Ahmad Faour

{"title":"过滤入侵检测告警的增长层次自组织映射","authors":"Maya Shehab, N. Mansour, Ahmad Faour","doi":"10.1109/I-SPAN.2008.42","DOIUrl":null,"url":null,"abstract":"A network intrusion detection system (NIDS) monitors all network actions and generates alarms when it detects suspicious attempts. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a growing hierarchical self-organizing map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is useful for real-world intrusion data.","PeriodicalId":305776,"journal":{"name":"2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Growing Hierarchical Self-Organizing Map for Filtering Intrusion Detection Alarms\",\"authors\":\"Maya Shehab, N. Mansour, Ahmad Faour\",\"doi\":\"10.1109/I-SPAN.2008.42\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A network intrusion detection system (NIDS) monitors all network actions and generates alarms when it detects suspicious attempts. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a growing hierarchical self-organizing map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is useful for real-world intrusion data.\",\"PeriodicalId\":305776,\"journal\":{\"name\":\"2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008)\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-05-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I-SPAN.2008.42\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I-SPAN.2008.42","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

网络入侵检测系统(network intrusion detection system，简称NIDS)监控所有网络行为，并在检测到可疑企图时发出告警。我们提出了一种数据挖掘技术，以帮助网络管理员分析和减少由NIDS产生的误报警报。我们的数据挖掘技术是基于一个不断增长的分层自组织映射(GHSOM)，它在无监督的训练过程中根据输入报警数据的特征调整其结构。GHSOM以一种支持网络管理员判断真假警报的方式对这些警报进行集群。我们的实证结果表明，我们的技术对现实世界的入侵数据是有用的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Growing Hierarchical Self-Organizing Map for Filtering Intrusion Detection Alarms

A network intrusion detection system (NIDS) monitors all network actions and generates alarms when it detects suspicious attempts. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a growing hierarchical self-organizing map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is useful for real-world intrusion data.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 International Symposium on Parallel Architectures, Algorithms, and Networks (i-span 2008)

自引率

0.00%

发文量