Abstract
Since the birth of Intrusion Detection System (IDS)technology, the most significant implementation problem is theenormous number of alerts generated by the IDS sensors. Moreover due to this obtrusive predicament, two other problems have emerged which are the difficulty in processing the alerts accurately and also the decrease in performance rate in terms of time and memory capacity while processing these alerts. Thus, based on the specified problems, the purpose of our overall research is to construct a holistic solution that is able to reduce the number of alerts to be processed and at the same time to produce a high quality attack scenarios that are meaningful tothe administrators in a timely manner. However for the purpose of this paper we will present our proposed clustering method, architectured solely with the intention of reducing the amount of alerts generated by IDS. The clustering method was tested against a live data from a cyber attack monitoring unit that uses SNORT engine to capture the alerts. The result obtained from the experiment is very promising; the clustering algorithm was able to reduce about 86.9% of the alerts used in the experiment. From the result we are able to highlight the contribution to practitioners in an actual working environment.
| Original language | English |
|---|---|
| Title of host publication | 2012 International Conference on Communication Systems and Network Technologies |
| Editors | Geetam Tomar, Gauri S. Mittal, Frank Z. Wang |
| Place of Publication | Rajkot, India |
| Publisher | IEEE Computer Society |
| Pages | 720-725 |
| Number of pages | 6 |
| ISBN (Print) | 9781467315388 |
| DOIs | |
| Publication status | Published - 2012 |
| Externally published | Yes |
| Event | Communication Systems and Network Technologies (CSNT) - Rajkot, India , India Duration: 11 May 2012 → 13 May 2012 |
Conference
| Conference | Communication Systems and Network Technologies (CSNT) |
|---|---|
| Country | India |
| Period | 11/05/12 → 13/05/12 |