%0 Journal Article
%T Intelligent Alert Clustering Model for Network Intrusion Analysis
%A Maheyzah Md Siraj
%A Mohd Aizaini Maarof
%A Siti Zaiton Mohd Hashim
%J International Journal of Advances in Soft Computing and Its Applications
%D 2009
%I International Center for Scientific Research and Studies
%X As security threats change and advance drastically, most organizations deploy multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive number of alerts, even within a single day, and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal the structural correlation among alerts by grouping those with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and an unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested it against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results, using the DARPA 2000 dataset, show that the proposed model gives better results in terms of clustering accuracy and processing time.
%K alert clustering
%K alert correlation
%K Expectation Maximization
%K Principal Component Analysis
%K unsupervised learning
%U http://www.i-csrs.org/Volumes/ijasca/vol.1/vol.1.1.3.july.09.pdf