Journal of System Simulation
Abstract
In practical applications, distributed intrusion detection systems produce a mass of duplicate alerts and a high false positive rate, all of which must be investigated. Building on DBSCAN, the density-based spatial and temporal clustering of applications with noise (DBS&TCAN) algorithm is proposed by introducing temporal density. The approach aggregates partial alerts based on spatial density, and merges the partial aggregations on the basis of temporal density. The effectiveness of the algorithm is demonstrated on the intrusion detection evaluation dataset. Comparative experiments and analysis show that the algorithm is effective in alert aggregation and gives better results in terms of real-time performance.
Recommended Citation
Jing, Zhang; Wang, Hengjun; Li, Junquan; and Yu, Bin (2020) "Research of Intrusion Alert Aggregation Based on Spatial and Temporal Density," Journal of System Simulation: Vol. 28: Iss. 6, Article 12.
Available at: https://dc-china-simulation.researchcommons.org/journal/vol28/iss6/12
First Page
1336
Revised Date
2015-07-24
DOI Link
https://doi.org/
Last Page
1343
CLC
TP393.08
Recommended Citation
Zhang Jing, Wang Hengjun, Li Junquan, Yu Bin. Research of Intrusion Alert Aggregation Based on Spatial and Temporal Density[J]. Journal of System Simulation, 2016, 28(6): 1336-1343.
Included in
Artificial Intelligence and Robotics Commons, Computer Engineering Commons, Numerical Analysis and Scientific Computing Commons, Operations Research, Systems Engineering and Industrial Engineering Commons, Systems Science Commons