• DocumentCode
    460681
  • Title

    A GA-based Solution to an NP-hard Problem of Clustering Security Events

  • Author

    Wang, Jianxin ; Wang, Hongzhou ; Zhao, Geng

  • Author_Institution
    Sch. of Inf., Beijing Forestry Univ.
  • Volume
    3
  • fYear
    2006
  • fDate
    38869
  • Firstpage
    2093
  • Lastpage
    2097
  • Abstract
    The clustering approach forwarded by Klaus Julisch is considerably effectual in eliminating false positives and finding root causes among a huge amount of security events. But the clustering problem was proved to be unfortunately an NP-hard one. In this paper, a GA-based algorithm is forwarded, which is much more effective than the original approximation algorithm by Julisch. The coding scheme and genetic operations including selection, crossover, and mutation are discussed in detail. To validate the quality of the newly-forwarded approach, a tree-version apriori is given, which is quite time-consuming but able to produce an absolutely accurate solution used for comparison in a feasible period of time. The results show that the GA-based algorithm is valid and efficient and can find the optimal clusters that are very similar to the absolutely accurate ones.
  • Keywords
    computational complexity; computer networks; encoding; genetic algorithms; security of data; telecommunication security; GA-based algorithm; NP-hard problem; clustering approach; coding scheme; genetic algorithm; security event; Approximation algorithms; Biological cells; Clustering algorithms; Data security; Decoding; Encoding; Genetic mutations; Humans; Intrusion detection; NP-hard problem;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, Circuits and Systems Proceedings, 2006 International Conference on
  • Conference_Location
    Guilin
  • Print_ISBN
    0-7803-9584-0
  • Electronic_ISBN
    0-7803-9585-9
  • Type

    conf

  • DOI
    10.1109/ICCCAS.2006.284911
  • Filename
    4064317