Journal of System Simulation
Abstract
On the basis of intrusion taxonomies and semantic similarity, the concept of cluster cohesion and an algorithm were proposed to manage IDS alerts. Based on cohesion, the proposed approach used an improved bisecting K-means to aggregate massive volumes of alerts, and extracted the abnormal alerts from the clusters formed during aggregation. The experimental results show that the approach is effective in alert aggregation and abnormal alert detection, and can generate understandable meta-alerts with higher accuracy.
Recommended Citation
Huang, Jinlei; Wang, Hengjun; and Yu, Bin (2020) "Cohesion Based Algorithm to Manage IDS Alerts," Journal of System Simulation: Vol. 29: Iss. 4, Article 21.
DOI: 10.16182/j.issn1004731x.joss.201704021
Available at: https://dc-china-simulation.researchcommons.org/journal/vol29/iss4/21
First Page
859
Revised Date
2016-08-04
DOI Link
https://doi.org/10.16182/j.issn1004731x.joss.201704021
Last Page
864
CLC
TP309.1
Recommended Citation
Huang Jinlei, Wang Hengjun, Yu Bin. Cohesion Based Algorithm to Manage IDS Alerts[J]. Journal of System Simulation, 2017, 29(4): 859-864.
Included in
Artificial Intelligence and Robotics Commons, Computer Engineering Commons, Numerical Analysis and Scientific Computing Commons, Operations Research, Systems Engineering and Industrial Engineering Commons, Systems Science Commons