Filtering intrusion detection alarms

LAUR Repository

dc.contributor.author Mansour, Nashat
dc.contributor.author Chehab, Maya I.
dc.contributor.author Faour, Ahmad
dc.date.accessioned 2016-01-25T13:32:32Z
dc.date.available 2016-01-25T13:32:32Z
dc.date.copyright 2010
dc.date.issued 2016-01-25
dc.identifier.issn 1386-7857 en_US
dc.identifier.uri http://hdl.handle.net/10725/2948
dc.description.abstract A Network Intrusion Detection System (NIDS) is an alarm system for networks. NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is effective for real-world intrusion data. en_US
dc.language.iso en en_US
dc.title Filtering intrusion detection alarms en_US
dc.type Article en_US
dc.description.version Published en_US
dc.author.school SAS en_US
dc.author.idnumber 198629170 en_US
dc.author.woa N/A en_US
dc.author.department Computer Science and Mathematics en_US
dc.description.embargo N/A en_US
dc.relation.journal Cluster Computing en_US
dc.journal.volume 13 en_US
dc.journal.issue 1 en_US
dc.article.pages 19-29 en_US
dc.keywords Alarm filtering en_US
dc.keywords Computer security en_US
dc.keywords Growing hierarchical self-organizing map en_US
dc.keywords Intrusion detection en_US
dc.keywords Self-organizing map en_US
dc.identifier.doi http://dx.doi.org/10.1007/s10586-009-0096-9 en_US
dc.identifier.ctation Mansour, N., Chehab, M. I., & Faour, A. (2010). Filtering intrusion detection alarms. Cluster Computing, 13(1), 19-29. en_US
dc.author.email nmansour@lau.edu.lb
dc.identifier.url http://link.springer.com/article/10.1007/s10586-009-0096-9

Files in this item

There are no files associated with this item.
