Adaptive Clustering Method for Reclassifying Network Intrusions | SpringerLink
Skip to main content
Springer Nature Link
Log in

Adaptive Clustering Method for Reclassifying Network Intrusions

  • Conference paper
Information Security and Digital Forensics (ISDF 2009)

Included in the following conference series:

  • 665 Accesses

Abstract

The problems of classification and reporting of suspicious security violations often degenerate to other complex problems.  However, efforts of system administrators to mitigate these flaws by reclassifying intrusive datasets so that realistic attacks can be substantiated are frequently unfruitful with swamped datasets. Also, the urgency required to process alerts has made validations of reduction criteria to be implemented with realistic attacks and unfortunately, these consistently endangering computer resources on the networks to more exposures. Consequently, the development of computer attacks that have been warned but still succeed is a classical problem in computer security. In this paper therefore, we have implemented a new clustering method to reduce these problems. Also, evaluation that we performed with synthetic and realistic datasets clustered alerts of each dataset to achieve a cluster of white-listed alerts. Moreover, the results obtained have indicated how system administrators could achieve prompt countermeasures to prevent realistic attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Aleksandar, L., Vipin, K., Jaidep, S.: Intrusion detection: A survey, Computer Science Department, University of Minnesota (2005)

    Google Scholar 

  2. Alfonso, V., Keith, S.: Probabilistic alert correlation. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 54–68. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Chyssler, T., Burschka, S., Semling, M., Lingvall, T., Burbeck, K.: Alarm Reduction and Correlation in Intrusion Detection Systems, Department of Computer Science, Linkoping University, Sweden (2004)

    Google Scholar 

  4. Cuppens, F., Miege, A.: Alert correlation in cooperative intrusion detection framework. In: Proceedings of IEEE symposium on security and privacy (2002)

    Google Scholar 

  5. Capture The Flag Contest-Defcon datasets (2009), http://cctf.shmoo.com/data/

  6. DARPA.: Intrusion Detection Scenario Specific Data Sets (2009), http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/2000data.html

  7. Debar, H., Wespi, A.: Aggregation and correlation of intrusion detection alerts. In: Proceedings of international symposium on recent advances in intrusion detection, Davis, CA, pp. 85–103 (2001)

    Google Scholar 

  8. Fatima, L.S., Mezrioui, A.: Improving the quality of alerts with correlation in intrusion detection. International Journal of Computer Science and Network Security 7(12) (2007)

    Google Scholar 

  9. Hartsein, B.: Intrusion Detection Likelihood: A Risk-Based Approach SANS Institute (2008)

    Google Scholar 

  10. Internet Protocol: Internetworking Technology overview (1999) (2009), http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Internet-Protocols.pdf

  11. Jan, N.Y., Lin, S.C., Tseng, S.S., Lin, N.P.: A decision support system for constructing an alert classification model. Journals of Expert Systems with Applications (February 2009)

    Google Scholar 

  12. Kabiri, P., Ghorbani, A.A.: A Rule-Based Temporal Alert Correlation System. International Journal of Network Security 5(1), 66–72 (2007)

    Google Scholar 

  13. Morin, B., Me, L., Debar, H., Ducass, M.: M2D2: A formal data model for IDS alerts correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 115–137. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  14. Ning, P., Cui, Y., Reeves, D.S.: Constructing Attack Scenarios through correlation of alerts, department of computer science, NC state University, USA (2002)

    Google Scholar 

  15. Paxson, V.: Considerations and Pitfalls for Conducting Intrusion Detection Research, International Computer Science Institute and Lawrence Berkeley National Laboratory Berkeley, California USA (2007)

    Google Scholar 

  16. Roesch, M.: Snort Manual version 2.8.4 (2009), http://www.snort.org/assets/82/snort_manual.pdf

  17. Sadoddin, R., Ghorbani, A.: Network Security Laboratory, University of New Brunswick, Fredericton, Canada (2006)

    Google Scholar 

  18. Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS), Recommendations of the National Institute of Standards and Technology, Special Publication 800-94, Technology Administration, Department of Commerce, USA (2007)

    Google Scholar 

  19. Urko, Z., Roberto, U.: Intrusion Detection Alarm Correlation: A Survey, Computer Science Department, Mondragon University, Gipuzkoa Spain (2004)

    Google Scholar 

  20. Wang, L., Liu, A., Jajodia, S.: Using attack graph for correlating, hypothesizing, and predicting intrusion alerts. Science Direct, pp. 2917–2933. Elsevier, Amsterdam (2006)

    Google Scholar 

  21. Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: A Comprehensive approach to Intrusion Detection Alert Correlation. IEEE Transactions on Dependable and Secure Computing 1(3) (2004)

    Google Scholar 

  22. Xinzhou, Q., Wenke, L.: Discovering Novel Attack Strategies from INFOSEC Alerts, College of Computing Georgia Institute of Technology, Atlanta, GA 30332, USA (2004)

    Google Scholar 

  23. Yusof, R., Sulamat, S.R., Sahib, S.: Intrusion Alert Correlation Technique Analysis for Heterogeneous Log. International Journal of Computer Science and Network Security 8(9) (September 2008)

    Google Scholar 

  24. Yu, D., Deborah, F.: Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory, Department of Computer Science, University of Idaho (2005)

    Google Scholar 

  25. Zhu, B., Ali, A.G.: Alert Correlation for Extracting Attack Strategies, Faculty of Computer Science, University of New Brunswick, Fredericton, New Brunswick, Canada (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Electronic Engineering System, University of Essex, Colchester, UK

    Nehinbe Ojo Joshua

Authors
  1. Nehinbe Ojo Joshua
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Engineering and Mathematical Sciences Northampton Square, City University, EC1V 0HB, London, United Kingdom

    Dasun Weerasinghe

Rights and permissions

Reprints and permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Joshua, N.O. (2010). Adaptive Clustering Method for Reclassifying Network Intrusions. In: Weerasinghe, D. (eds) Information Security and Digital Forensics. ISDF 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 41. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11530-1_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11530-1_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11529-5

  • Online ISBN: 978-3-642-11530-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation