Self-organizing maps
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
A hierarchical SOM-based intrusion detection system
Engineering Applications of Artificial Intelligence
A new approach to hierarchical clustering and structuring of data with Self-Organizing Maps
Intelligent Data Analysis
The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data
IEEE Transactions on Neural Networks
Review: An intrusion detection and prevention system in cloud computing: A systematic review
Journal of Network and Computer Applications
| Hi-index | 0.00 |
A Network Intrusion Detection System (NIDS) is an alarm system for networks. NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is effective for real-world intrusion data.