Abstract:
A Network Intrusion Detection System (NIDS) monitors all network activity and raises alarms when it detects suspicious attempts. We present a data mining technique that assists network administrators in analyzing and reducing the false-positive alarms produced by a NIDS. Our technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM), which adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in deciding which alarms are true and which are false. Our empirical results show that the technique is useful on real-world intrusion data.
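As an added illustration of the clustering step the abstract describes (this is example code, not the paper's implementation), the following minimal GHSOM in Python trains a small SOM on alarm feature vectors and expands a unit into a child map whenever the alarms mapped to it are still too heterogeneous. The alarm features, the fixed 1x2 map size, the threshold tau, the reproducible initialisation and the omission of the horizontal (row/column) growth that a full GHSOM also performs are all assumptions of this example.

```python
import math

# Constructed sample alarms: (signature id, destination port, packet count), each scaled to [0, 1].
ALARMS = [
    (0.10, 0.90, 0.80), (0.12, 0.88, 0.82), (0.09, 0.92, 0.78),  # scan, high ports
    (0.10, 0.30, 0.80), (0.12, 0.28, 0.82), (0.09, 0.32, 0.78),  # scan, low ports
    (0.70, 0.10, 0.20), (0.72, 0.12, 0.18), (0.69, 0.09, 0.22),  # web alert, signature A
    (0.95, 0.10, 0.20), (0.97, 0.12, 0.18), (0.94, 0.09, 0.22),  # web alert, signature B
]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
def bmu(units, x):
    """Index of the best-matching unit (closest weight vector) for alarm x."""
    return min(range(len(units)), key=lambda i: dist(units[i], x))
def mqe(unit, members):
    """Mean quantization error: mean distance from a unit to the alarms mapped to it."""
    return sum(dist(unit, x) for x in members) / len(members)

def train_som(data, rows, cols, epochs=60):
    """Plain SOM training; units start on evenly spaced alarms so the run is reproducible."""
    n = rows * cols
    units = [list(data[i * len(data) // n]) for i in range(n)]
    for epoch in range(epochs):
        frac = 1.0 - epoch / epochs                  # learning rate and radius decay linearly
        lr, sigma = 0.3 * frac, max(0.3, frac * max(rows, cols) / 2)
        for x in data:
            br, bc = divmod(bmu(units, x), cols)     # grid position of the winning unit
            for i, w in enumerate(units):
                r, c = divmod(i, cols)
                h = lr * math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * sigma ** 2))
                for k in range(len(w)):
                    w[k] += h * (x[k] - w[k])        # pull winner and its neighbours toward x
    return units

def ghsom(data, tau=0.4, max_depth=3, size=(1, 2), root_mqe=None, depth=1):
    """Hierarchical expansion: a unit whose alarms stay spread out (error above tau * error
    of the layer-0 root unit) gets a child map. Returns final clusters as (depth, alarms)."""
    if root_mqe is None:  # layer 0: one virtual unit sitting at the mean of all alarms
        mean = [sum(x[k] for x in data) / len(data) for k in range(len(data[0]))]
        root_mqe = mqe(mean, data)
    units = train_som(data, *size)
    members = [[] for _ in units]
    for x in data:
        members[bmu(units, x)].append(x)
    clusters = []
    for unit, m in zip(units, members):
        if len(m) > 1 and depth < max_depth and mqe(unit, m) > tau * root_mqe:
            clusters += ghsom(m, tau, max_depth, size, root_mqe, depth + 1)
        elif m:
            clusters.append((depth, m))  # one cluster for the analyst to label true/false
    return clusters
```

On the constructed data, the two scan sub-groups differ only in port, so the top-level scan unit is still heterogeneous and spawns a child map, while the web alerts stay in one cluster; the analyst then labels a handful of clusters instead of every alarm.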
Citation:
Shehab, M., Mansour, N., & Faour, A. (2008, May). Growing hierarchical self-organizing map for filtering intrusion detection alarms. In Proceedings of the 2008 International Symposium on Parallel Architectures, Algorithms, and Networks (I-SPAN 2008), pp. 167-172. IEEE.