dc.contributor.author | Mansour, Nashat |
dc.contributor.author | Chehab, Maya I. |
dc.contributor.author | Faour, Ahmad |
dc.date.accessioned | 2016-01-25T13:32:32Z |
dc.date.available | 2016-01-25T13:32:32Z |
dc.date.copyright | 2010 |
dc.date.issued | 2016-01-25 |
dc.identifier.issn | 1386-7857 | en_US
dc.identifier.uri | http://hdl.handle.net/10725/2948 |
dc.description.abstract | A Network Intrusion Detection System (NIDS) is an alarm system for networks. NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is effective for real-world intrusion data. | en_US
dc.language.iso | en | en_US
dc.title | Filtering intrusion detection alarms | en_US
dc.type | Article | en_US
dc.description.version | Published | en_US
dc.author.school | SAS | en_US
dc.author.idnumber | 198629170 | en_US
dc.author.woa | N/A | en_US
dc.author.department | Computer Science and Mathematics | en_US
dc.description.embargo | N/A | en_US
dc.relation.journal | Cluster Computing | en_US
dc.journal.volume | 13 | en_US
dc.journal.issue | 1 | en_US
dc.article.pages | 19-29 | en_US
dc.keywords | Alarm filtering | en_US
dc.keywords | Computer security | en_US
dc.keywords | Growing hierarchical self-organizing map | en_US
dc.keywords | Intrusion detection | en_US
dc.keywords | Self-organizing map | en_US
dc.identifier.doi | http://dx.doi.org/10.1007/s10586-009-0096-9 | en_US
dc.identifier.ctation | Mansour, N., Chehab, M. I., & Faour, A. (2010). Filtering intrusion detection alarms. Cluster Computing, 13(1), 19-29. | en_US
dc.author.email | nmansour@lau.edu.lb |
dc.identifier.url | http://link.springer.com/article/10.1007/s10586-009-0096-9 |