2009
DOI: 10.1016/j.comcom.2008.11.012
Intrusion detection alarms reduction using root cause analysis and clustering

Cited by 76 publications
(49 citation statements)
References 20 publications
“…Thus, the error rate of the proposed method does not exceed 6.73%. Comparing these results with those obtained by [25], [26] and [9], we find that they all used the DARPA 1999 dataset for five weeks, and the results of the proposed module are significantly better than those they have reported (Table 9). Table 9 Comparisons between the proposed module and other approaches Table 9 shows that all researchers used the same dataset, but the obtained results of this module are given below.…”
Section: Accomplishment Experiments
Citation type: mentioning
Confidence: 35%
“…To generate an acceptable alert set, we used IDS Snort 2.9 in our experiments, which has the flexibility of providing alerts in a flat file [9]. Afterward, we conducted a preprocess to remove the symbols and convert the file to a CSV file on a table format to simplify its application in any system, including our proposed system.…”
Section: Accomplishment Experiments
Citation type: mentioning
Confidence: 99%
“…The algorithm was used to identify the root cause of an attack, by manually analyzing and addressing these causes. This semi-automatic process was enhanced further in [16], where the researchers maintained the AOI techniques, and worked on the over-generalization problem and computational setbacks in the previous work through developing a new approximation clustering algorithm while introducing the Nearest Common Ancestor (NCA) concept as a tool to calculate distance and initiate the cluster. For the purpose of our clustering method, the data mining approaches applied are not suitable because the generalization technique operates on the pure assumption that objects, or in this case alerts, can be grouped together because they share some common features or belong to the same ancestor.…”
Section: Related Work
Citation type: mentioning
Confidence: 99%
“…In IDS, clustering is basically used for two things [14]: detection of hidden patterns in [15] to correlate alerts and establish causal relationships, and as a data reduction technique in [3] and [16] to reduce the amount of alerts. Most clustering methods use a distance or similarity measure between objects as a criterion to create a cluster, although the measuring approaches differ between individuals [17].…”
Section: Related Work
Citation type: mentioning
Confidence: 99%