Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Online ISSN: 1817-3195
Year of publication: 2012
Volume: 37
Issue: 2
Pages: 234-240
Publisher: Journal of Theoretical and Applied
Abstract: An Intrusion Detection System is an emerging technology for detecting unauthorized users and malicious behavior in a system. Alert supervision is tedious in an intrusion detection system, so meta alerts are created. Meta alerts are generated for appropriate clusters and form a generalization of the alerts. The objective is to identify the origin of these alerts. In this paper, we propose a hybrid clustering algorithm that is applied to the data set to cluster the alerts. Online alert aggregation is then applied to this data to identify the intruder. Redundant data are filtered out during the process of clustering and aggregation, which substantially reduces the false positive rate. From the observed false positives, the origins of the alerts are reduced.
Keywords: Intrusion Detection; Clustering; Meta alert; Root-cause