Alert Management System using K-means Based Genetic for IDS

Abstract

English

One of the most important tools in the security field is the Intrusion Detection System (IDS). The aim of an IDS is to monitor suspicious network traffic and generate alerts. These systems are known to generate numerous false positive alerts. Manual analysis of the alerts by a security expert takes more time and can be error-prone. Another problem with IDSs is identifying attack types and generating correct alerts related to attacks. We introduce a new alert management system to overcome these problems. Alert management systems help security experts manage alerts and produce a high-level view of them. In this paper, a new alert clustering algorithm for an IDS alert management system is proposed that uses the K-means Based Genetic (KBG) algorithm. The proposed algorithm reduces alerts and detects false positive alerts. Experimental results on DARPA KDD cup 98 show that the system is able to cluster and classify alerts and considerably reduces false positive alerts.

Table of Contents

Abstract
 1. Introduction
 2. Related Works
 3. Proposed Alert Management System Based on KBG
  3.1. Labeling Unit
  3.2. Normalization and Filtering Unit
  3.3. Preprocessing Unit
  3.4. K-means Based Genetic Algorithm (Cluster/Classify) Unit
 4. KBG Clustering
 5. Experimental Results
 6. Future Works
 References

Author Information

  • Mohammad Masdari, Department of Computer Engineering, Islamic Azad University, Science and Research Branch, Urmia
  • Fatemeh Charlank Bakhtiari, Department of Computer Engineering, Islamic Azad University, Science and Research Branch, Urmia
