Title :
Alert clustering using integrated SOM/PSO
Author :
Li Lifen ; Zhang Changming
Author_Institution :
Sch. of Comput. Sci. & Technol., North China Electr. Power Univ., Baoding, China
Abstract :
With the growing deployment of host and network intrusion detection systems (IDSs), thousands of alerts are generally generated from them per day. Managing these alerts becomes critically important. In this paper, a hybrid alert clustering method based on self-Organizing maps (SOM) and particle swarm optimization (PSO) is presented. We firstly select the important features through binary particle swarm optimization (BPSO) and mutual information (MI) and get a dimension reduced dataset. SOM is used to cluster the dataset. PSO is used to evolve the weights for SOM to improve the clustering result. The algorithm is based on a type of unsupervised machine learning algorithm that infers relationships from data without the need to train the algorithm with expertly labelled data. The approach is validated using the 2000 DARPA intrusion detection datasets and comparative results between the canonical SOM and our scheme are presented.
Keywords :
particle swarm optimisation; security of data; alert clustering; intrusion detection systems; mutual information; particle swarm optimization; self-organizing maps; unsupervised machine learning algorithm; Classification algorithms; Clustering algorithms; Computer networks; Computer science; Humans; Intrusion detection; Mutual information; Neurons; Particle swarm optimization; Self organizing feature maps; alerts clustering; feature subset selection; particle swarm optimization; self organizing maps;
Conference_Titel :
Computer Design and Applications (ICCDA), 2010 International Conference on
Conference_Location :
Qinhuangdao
Print_ISBN :
978-1-4244-7164-5
Electronic_ISBN :
978-1-4244-7164-5
DOI :
10.1109/ICCDA.2010.5541319
