General Information
    • ISSN: 1793-8201 (Print), 2972-4511 (Online)
    • Abbreviated Title: Int. J. Comput. Theory Eng.
    • Frequency: Quarterly
    • DOI: 10.7763/IJCTE
    • Editor-in-Chief: Prof. Mehmet Sahinoglu
    • Associate Editor-in-Chief: Assoc. Prof. Alberto Arteta, Assoc. Prof. Engin Maşazade
    • Managing Editor: Ms. Cecilia Xie
    • Abstracting/Indexing: Scopus (Since 2022), INSPEC (IET), CNKI,  Google Scholar, EBSCO, etc.
    • Average Days from Submission to Acceptance: 192 days
    • APC: 800 USD
    • E-mail: editor@ijcte.org
    • Journal Metrics:
    • SCImago Journal & Country Rank
Article Metrics in Dimensions

IJCTE 2009 Vol.1(5): 539-545 ISSN: 1793-8201
DOI: 10.7763/IJCTE.2009.V1.87

A Hybrid Intelligent Approach for Automated Alert Clustering and Filtering in Intrusion Alert Analysis

Maheyzah Md Siraj, Mohd Aizaini Maarof, and Siti Zaiton Mohd Hashim

Abstract—As security threats change and advance in a drastic way, most of the organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even for a day and overwhelmed security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results show using DARPA 2000 dataset the proposed model gives better results in terms of the clustering accuracy and processing time.

Index Terms—alert clustering and filtering, Expectation Maximization, Principal Component Analysis, unsupervised learning.

Manuscript received June 1, 2009. This work was supported by the Ministry of Higher Education (MOHE), Malaysia.
Maheyzah Md Siraj is with the Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, 81310 Skudai Johor, Malaysia. (phone: +607 5532245; fax: +607 5593185;).
Mohd Aizaini Maarof and Siti Zaiton Mohd Hashim are also with the Faculty of Computer Science and Information System, Universiti Teknologi Malaysia, 81310 Skudai Johor, Malaysia.

[PDF]

Cite: Maheyzah Md Siraj, Mohd Aizaini Maarof and Siti Zaiton Mohd Hashim, "A Hybrid Intelligent Approach for Automated Alert Clustering and Filtering in Intrusion Alert Analysis," International Journal of Computer Theory and Engineering vol. 1, no. 5, pp. 539-545, 2009.


Copyright © 2008-2024. International Association of Computer Science and Information Technology. All rights reserved.