| dc.contributor.author | Shehab, Maya | |
| dc.date.accessioned | 2011-09-30T07:51:00Z | |
| dc.date.available | 2011-09-30T07:51:00Z | |
| dc.date.copyright | 2007 | en_US |
| dc.date.issued | 2011-09-30 | |
| dc.date.submitted | 2007-03-03 | |
| dc.identifier.uri | http://hdl.handle.net/10725/670 | |
| dc.description | Includes bibliographical references (leaves 71-75). | en_US |
| dc.description.abstract | A Network Intrusion Detection System (NIDS) is an alarm system for networks. NIDS monitors all inbound and outbound network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data, where no prior information is available about these alarms. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. We compare the effectiveness of our GHSOM-based technique with a recent technique (SOM) using real-world intrusion detection data. The results show that our technique performs better than SOM in terms of reducing false positives from 15% to 4.7% and false negatives from 16% to 4%. | en_US |
| dc.language.iso | en | en_US |
| dc.subject | Computer networks -- Security measures | en_US |
| dc.subject | Electronic alarm systems | en_US |
| dc.subject | Computer security | en_US |
| dc.subject | Self-organizing systems | en_US |
| dc.title | Growing hierarchical self-organizing map for filtering intrusion detection alarms. (c2007) | en_US |
| dc.type | Thesis | en_US |
| dc.term.submitted | Spring | en_US |
| dc.author.degree | MS in Computer Science | en_US |
| dc.author.school | Arts and Sciences | en_US |
| dc.author.idnumber | 200202197 | en_US |
| dc.author.commembers | Dr. Faisal Abu Khzam | |
| dc.author.commembers | Dr. Sanaa Sharafeddine | |
| dc.author.woa | OA | en_US |
| dc.description.physdesc | 1 bound copy: x, 80 leaves; ill.; 30 cm. available at RNL. | en_US |
| dc.author.division | Computer Science | en_US |
| dc.author.advisor | Dr. Nashaat Mansour | |
| dc.keywords | Alarm filtering | en_US |
| dc.keywords | Computer security | en_US |
| dc.keywords | Growing hierarchical self-organizing map | en_US |
| dc.keywords | Intrusion detection | en_US |
| dc.keywords | Self-organizing map | en_US |
| dc.identifier.doi | https://doi.org/10.26756/th.2007.19 | en_US |
| dc.publisher.institution | Lebanese American University | en_US |