Title :
A GA-based Solution to an NP-hard Problem of Clustering Security Events
Author :
Wang, Jianxin ; Wang, Hongzhou ; Zhao, Geng
Author_Institution :
Sch. of Inf., Beijing Forestry Univ.
Abstract :
The clustering approach forwarded by Klaus Julisch is considerably effectual in eliminating false positives and finding root causes among huge amount of security events. But the clustering problem was proved to be unfortunately an NP-hard one. In this paper, a GA-based algorithm is forwarded, which is much more effective than the original approximation algorithm by Julisch. The coding scheme and genetic operations including selection, crossover, and mutation are discussed in detail. To validate the quality of the newly-forwarded approach, a tree-version apriori is given, which is quite time-consuming but able to produce absolutely accurate solution used for comparison in a feasible period of time. The results show that the GA-based algorithm is valid and efficient and can find the optimal clusters that are very similar to the absolutely accurate ones
Keywords :
computational complexity; computer networks; encoding; genetic algorithms; security of data; telecommunication security; GA-based algorithm; NP-hard problem; clustering approach; coding scheme; genetic algorithm; security event; Approximation algorithms; Biological cells; Clustering algorithms; Data security; Decoding; Encoding; Genetic mutations; Humans; Intrusion detection; NP-hard problem;
Conference_Titel :
Communications, Circuits and Systems Proceedings, 2006 International Conference on
Conference_Location :
Guilin
Print_ISBN :
0-7803-9584-0
Electronic_ISBN :
0-7803-9585-9
DOI :
10.1109/ICCCAS.2006.284911
