The intrusion detection system (IDS) is one of the defences deployed against Internet attacks. However, an IDS reports far more alerts than there are real attacks, so the operator is burdened with analyzing floods of alerts and identifying their root cause. Attribute-oriented induction (AOI) is a kind of clustering method: by generalizing the attributes of raw alerts, it creates several clusters, each containing a set of alerts with similar or identical causes. However, if the attributes are abstracted too far, the administrator can no longer identify the root cause of the alerts. In this paper, we describe the over-generalization problem caused by an unbalanced generalization hierarchy. We also discuss a solution to the problem and propose an algorithm to solve it.
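The following is an added illustration, not code from the paper and not its proposed algorithm. It implements the basic AOI alarm-clustering loop (generalize the attribute with the most distinct values one level, merge identical tuples, stop when a cluster reaches a minimum size) over a constructed generalization hierarchy in which the `src_ip` tree is unbalanced: internal hosts sit three levels below the root, while addresses outside the site's address plan reach `ANY` in a single step. All hierarchies, alerts and function names are assumptions made for this example. Running it shows the shallow branch collapsing to `ANY` after one step, and a drill-down check that keeps the raw values each generalized cell absorbed so the operator can still see what `ANY` stands for.

```python
# Constructed generalization hierarchies (illustrative, not from the paper).
# Each attribute maps a value to its parent; "ANY" is the root of every tree.
HIERARCHY = {
    "src_ip": {
        "10.0.1.5": "10.0.1.0/24", "10.0.1.9": "10.0.1.0/24", "10.0.1.17": "10.0.1.0/24",
        "10.0.2.7": "10.0.2.0/24",
        "10.0.1.0/24": "10.0.0.0/16", "10.0.2.0/24": "10.0.0.0/16",
        "10.0.0.0/16": "ANY",
        # Addresses outside the site's address plan have no subtree: one step reaches ANY.
        "203.0.113.40": "ANY", "198.51.100.7": "ANY",
    },
    "dst_port": {"80": "web", "443": "web", "22": "remote-admin",
                 "web": "ANY", "remote-admin": "ANY"},
    "signature": {"HTTP_DIR_TRAVERSAL": "web-attack", "HTTP_SQLI": "web-attack",
                  "SSH_BRUTE": "auth-attack", "web-attack": "ANY", "auth-attack": "ANY"},
}
ATTRS = ("src_ip", "dst_port", "signature")

# Constructed raw alerts as (src_ip, dst_port, signature) tuples.
ALERTS = [
    ("10.0.1.5", "80", "HTTP_DIR_TRAVERSAL"), ("10.0.1.5", "80", "HTTP_DIR_TRAVERSAL"),
    ("10.0.1.9", "80", "HTTP_SQLI"), ("10.0.1.17", "443", "HTTP_SQLI"),
    ("10.0.2.7", "80", "HTTP_DIR_TRAVERSAL"),
    ("203.0.113.40", "22", "SSH_BRUTE"), ("203.0.113.40", "22", "SSH_BRUTE"),
    ("198.51.100.7", "22", "SSH_BRUTE"), ("198.51.100.7", "22", "SSH_BRUTE"),
]


def parent(attr, value):
    """One generalization step; values missing from the tree go straight to ANY."""
    return "ANY" if value == "ANY" else HIERARCHY[attr].get(value, "ANY")


def depth(attr, value):
    """Number of generalization steps from value up to the root ANY."""
    steps = 0
    while value != "ANY":
        value = parent(attr, value)
        steps += 1
    return steps


def leaf_depths(attr):
    """Depth of every leaf value; a spread between min and max means the tree is unbalanced."""
    parents = set(HIERARCHY[attr].values())
    return {v: depth(attr, v) for v in HIERARCHY[attr] if v not in parents}


def _empty_row():
    return {"count": 0, "raw": {k: set() for k in ATTRS}}


def aoi_cluster(alerts, min_size):
    """Basic AOI alarm clustering: repeatedly generalize the attribute with the most
    distinct values by one level and merge identical tuples, until some tuple covers
    at least min_size alerts. Every row records the raw values it absorbed."""
    table = {}
    for a in alerts:
        row = table.setdefault(a, _empty_row())
        row["count"] += 1
        for k, v in zip(ATTRS, a):
            row["raw"][k].add(v)
    steps = []
    while max(r["count"] for r in table.values()) < min_size:
        if all(v == "ANY" for t in table for v in t):
            break  # fully generalized and still below min_size: no cluster exists
        distinct = {k: len({t[i] for t in table}) for i, k in enumerate(ATTRS)}
        attr = max(ATTRS, key=lambda k: distinct[k])
        i = ATTRS.index(attr)
        steps.append(attr)
        merged = {}
        for t, row in table.items():
            g = t[:i] + (parent(attr, t[i]),) + t[i + 1:]
            dst = merged.setdefault(g, _empty_row())
            dst["count"] += row["count"]
            for k in ATTRS:
                dst["raw"][k] |= row["raw"][k]
        table = merged
    clusters = {t: r for t, r in table.items() if r["count"] >= min_size}
    return clusters, steps


def over_generalized(clusters):
    """Drill-down check: for each cluster cell that reached ANY, list the raw values
    it hides, so the operator can recover the detail the generalization removed."""
    report = {}
    for t, row in clusters.items():
        lost = {k: sorted(row["raw"][k]) for k, v in zip(ATTRS, t) if v == "ANY"}
        if lost:
            report[t] = lost
    return report


if __name__ == "__main__":
    print("src_ip leaf depths:", leaf_depths("src_ip"))
    found, steps = aoi_cluster(ALERTS, min_size=4)
    print("generalization steps:", steps)
    for t, row in found.items():
        print(t, "covers", row["count"], "alerts")
    print("cells hidden behind ANY:", over_generalized(found))
```

After a single generalization step on `src_ip`, the two external brute-force sources merge into the cluster `("ANY", "22", "SSH_BRUTE")`, while the internal addresses have only moved to their /24 networks: the shallow branch of the tree was abstracted all the way to the root before the deep branch gave up any detail. The `over_generalized` report is the practical mitigation a SOC would want alongside the cluster itself, since the cluster output alone no longer says which hosts were involved.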