DocumentCode
2453220
Title
A SOM and Bayesian Network Architecture for Alert Filtering in Network Intrusion Detection Systems
Author
Faour, Ahmad ; Leray, Philippe ; Eter, Bassam
Author_Institution
Lab. LITIS, INSA, Rouen
Volume
2
fYear
0
fDate
0-0 0
Firstpage
3175
Lastpage
3180
Abstract
With the ever-growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. This paper presents a new approach for handling intrusion detection alarms more efficiently. We propose here an architecture for automated alarm filtering based on a classical method of clustering (self-organizing maps) coupled with a probabilistic graphical model (Bayesian belief networks) for determining if the network is really attacked.
Keywords
Internet; belief networks; pattern clustering; probability; security of data; self-organising feature maps; telecommunication computing; Bayesian belief networks; Bayesian network architecture; Internet; automated alarm filtering; clustering; network intrusion detection systems; network security; probabilistic graphical model; self-organizing maps; Association rules; Bayesian methods; Data mining; Electronic mail; Graphical models; Humans; IP networks; Information filtering; Information filters; Intrusion detection; Bayesian Networks and Alarms Filtering; Clustering; Intrusion Detection; Network Security;
fLanguage
English
Publisher
ieee
Conference_Titel
Information and Communication Technologies, 2006. ICTTA '06. 2nd
Conference_Location
Damascus
Print_ISBN
0-7803-9521-2
Type
conf
DOI
10.1109/ICTTA.2006.1684924
Filename
1684924