Alerts Clustering for Intrusion Detection Systems: Overview and Machine Learning Perspectives

Abstract

The enormous volume of security alerts generated on high-speed networks makes the management of intrusion detection computationally expensive. The high rate of wrong (false) alerts degrades Intrusion Detection System (IDS) performance and reduces its ability to prevent cyber-attacks, turning alert analysis into a tedious task. It is therefore important to develop new tools that make intrusion data understandable and represent it in a compact form, for example through an alert clustering process. This active research topic is studied here: the paper presents a clear taxonomy followed by an in-depth survey of the main published works on intrusion alert management. The second part of the work sets out the steps needed to design a unified IDS on the basis of machine learning techniques, which are among the most powerful tools for solving certain problems related to alert management and outlier detection.
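The abstract describes alert clustering only in general terms. The following Python script is an added illustration of the idea, written for this page and not taken from the paper: it parses a handful of constructed Snort-style "fast" log lines (local signature IDs in the reserved 1000000+ range, RFC 5737 test addresses, not real data), scores pairs of alerts by attribute similarity (signature, source, target, port, time proximity) and greedily merges alerts that exceed a threshold. The weights, the 0.7 threshold and the 10-minute hard time window are assumptions chosen for the demonstration, not values from the paper.

```python
"""Attribute-similarity clustering of IDS alerts over a Snort-style fast log.

Added example for this page (not the paper's method). Weights, threshold and
time window are illustrative assumptions.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample alerts in a simplified Snort "fast" format; not real log data.
SAMPLE_FAST_LOG = """\
03/14-10:00:01.000000  [**] [1:1000001:1] LOCAL SCAN SSH probe [**] {TCP} 203.0.113.5:44112 -> 192.0.2.10:22
03/14-10:00:02.000000  [**] [1:1000001:1] LOCAL SCAN SSH probe [**] {TCP} 203.0.113.5:44113 -> 192.0.2.11:22
03/14-10:00:03.000000  [**] [1:1000001:1] LOCAL SCAN SSH probe [**] {TCP} 203.0.113.5:44114 -> 192.0.2.12:22
03/14-10:00:04.000000  [**] [1:1000001:1] LOCAL SCAN SSH probe [**] {TCP} 203.0.113.5:44115 -> 192.0.2.13:22
03/14-10:30:00.000000  [**] [1:1000002:1] LOCAL WEB SQLi in URI [**] {TCP} 198.51.100.7:51000 -> 192.0.2.20:80
03/14-10:30:01.000000  [**] [1:1000002:1] LOCAL WEB SQLi in URI [**] {TCP} 198.51.100.7:51001 -> 192.0.2.20:80
03/14-11:45:00.000000  [**] [1:1000001:1] LOCAL SCAN SSH probe [**] {TCP} 203.0.113.5:44200 -> 192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

WINDOW_SECONDS = 600.0  # assumption: alerts further apart than this are never merged


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sid: int
    msg: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_alerts(text: str) -> list[Alert]:
    """Parse fast-format lines; lines that do not match (banners, blanks) are skipped."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        alerts.append(Alert(
            ts=datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f"),  # no year; used for deltas only
            sid=int(m["sid"]), msg=m["msg"],
            src=ipaddress.IPv4Address(m["src"]), dst=ipaddress.IPv4Address(m["dst"]),
            dport=int(m["dport"]),
        ))
    return alerts


def same_subnet(a: ipaddress.IPv4Address, b: ipaddress.IPv4Address, prefix: int = 24) -> bool:
    return (ipaddress.ip_network(f"{a}/{prefix}", strict=False)
            == ipaddress.ip_network(f"{b}/{prefix}", strict=False))


def similarity(a: Alert, b: Alert) -> float:
    """Weighted attribute match in [0, 1]; 0 outside the time window (hard gate)."""
    dt = abs((a.ts - b.ts).total_seconds())
    if dt > WINDOW_SECONDS:
        return 0.0
    score = 0.40 if a.sid == b.sid else 0.0          # same signature
    if a.src == b.src:
        score += 0.25                                 # same attacker
    elif same_subnet(a.src, b.src):
        score += 0.15                                 # attacker in same /24
    if a.dst == b.dst:
        score += 0.10                                 # same target
    elif same_subnet(a.dst, b.dst):
        score += 0.05                                 # target in same /24 (e.g. a sweep)
    score += 0.10 if a.dport == b.dport else 0.0      # same service
    score += 0.15 * (1.0 - dt / WINDOW_SECONDS)       # temporal proximity, linear decay
    return score


def cluster_alerts(alerts: list[Alert], threshold: float = 0.7) -> list[list[Alert]]:
    """Single pass in time order: join the best-matching cluster or open a new one."""
    clusters: list[list[Alert]] = []
    for alert in sorted(alerts, key=lambda x: x.ts):
        best, best_score = None, 0.0
        for c in clusters:
            s = similarity(alert, c[-1])  # compare with the cluster's newest member
            if s > best_score:
                best, best_score = c, s
        if best is not None and best_score >= threshold:
            best.append(alert)
        else:
            clusters.append([alert])
    return clusters


def summarize(cluster: list[Alert]) -> dict:
    """Compact representation an analyst reads instead of every raw alert."""
    return {
        "sid": cluster[0].sid, "msg": cluster[0].msg, "count": len(cluster),
        "sources": sorted({str(a.src) for a in cluster}),
        "targets": sorted({str(a.dst) for a in cluster}),
        "first": cluster[0].ts.strftime("%H:%M:%S"),
        "last": cluster[-1].ts.strftime("%H:%M:%S"),
    }


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_FAST_LOG)
    found = cluster_alerts(parsed)
    print(f"{len(parsed)} alerts -> {len(found)} clusters")
    for c in found:
        print(summarize(c))
```

On the constructed input the seven raw alerts collapse to three clusters: one SSH sweep across four hosts in 192.0.2.0/24, one pair of SQL-injection attempts against a single web server, and a second SSH probe from the same source that lands outside the ten-minute window and is therefore kept apart rather than silently folded into the earlier sweep. Comparing against the newest member of each cluster makes a long-running campaign extend its cluster as long as alerts keep arriving, while a gap longer than the window starts a fresh one.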

Authors and Affiliations

Wajdi Alhakami

  • EP ID EP579023
  • DOI 10.14569/IJACSA.2019.0100574

How To Cite

Wajdi Alhakami (2019). Alerts Clustering for Intrusion Detection Systems: Overview and Machine Learning Perspectives. International Journal of Advanced Computer Science & Applications, 10(5), 573-582. https://europub.co.uk/articles/-A-579023