Title :
Mining Intrusion Detection Alarms with an SA-based Clustering Approach
Author :
Wang, Jianxin ; Xia, Yunqing ; Wang, Hongzhou
Author_Institution :
Beijing Forestry Univ., Beijing
Abstract :
Intrusion detection systems generally overload their human operators by triggering thousands of alarms per day, most of which are false positives. A clustering method able to eliminate most false positives was put forward by Klaus Julisch, who proved that the clustering problem is NP-complete and proposed a low-quality approximation algorithm. In this paper, the simulated annealing technique is applied in the clustering procedure to produce high-quality solutions. The local optimization strategy, cooling schedule, and evaluation function are discussed in detail. A state-of-the-art selection table is proposed, which greatly reduces the number of evaluation operations. In order to validate the newly proposed algorithm, an exhaustive search is implemented, which finds the global minimum for comparison at the cost of long but feasible execution time. The results show that the SA-based clustering algorithm produces solutions whose quality is very close to that of the optimum, while the running time stays within a reasonable range.
Keywords :
alarm systems; data mining; pattern clustering; search problems; security of data; simulated annealing; IDS alarm mining; NP-complete clustering problem; SA-based clustering approach; cooling schedule; evaluation function; exhaustive searching; human operators; intrusion detection system alarms; local optimization strategy; simulated annealing technique; state-of-the-art selection table; Approximation algorithms; Association rules; Clustering algorithms; Clustering methods; Forestry; Humans; Intrusion detection; Mathematics; Neodymium; Simulated annealing;
Conference_Titel :
Communications, Circuits and Systems, 2007. ICCCAS 2007. International Conference on
Conference_Location :
Kokura
Print_ISBN :
978-1-4244-1473-4
DOI :
10.1109/ICCCAS.2007.4348195