Current implementations of intrusion detection systems (IDSs) have two drawbacks: 1) they normally generate far too many false positives, overloading human operators to such an extent that they cannot respond effectively to the real alerts; 2) depending on the proportion of genuine attacks within the total network traffic, an IDS may never be effective. One approach to overcoming these obstacles is to correlate information from a wide variety of network sensors, not just IDSs, in order to obtain a more complete picture on which to base decisions about whether alerted events represent malicious activity. The challenge in such an analysis is the generation of the correlation rules to be used. At present, creating these rules is a time-consuming manual task that requires expert knowledge. This work describes how data mining, specifically the k-means clustering technique, can be employed to assist in the semi-automatic generation of such correlation rules.
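As an added illustration of the approach the abstract describes (this is not the paper's code or data), the Python below clusters constructed per-host summaries from four sensor types with k-means and turns each cluster into a draft correlation rule for an analyst to review; the sensor names, feature set, sample windows and the 0.6 threshold are all assumptions.

```python
FEATURES = ("ids_alerts", "firewall_denies", "auth_failures", "outbound_kb")

# Constructed one-minute, per-host summaries from four sensors (not real data).
# The label is only used to check the outcome; the clustering never sees it.
WINDOWS = [
    ((1, 0, 0, 12), "noise"), ((2, 1, 0, 9), "noise"), ((1, 0, 1, 15), "noise"),
    ((0, 1, 0, 11), "noise"), ((2, 0, 0, 8), "noise"),
    ((3, 1, 40, 10), "bruteforce"), ((4, 0, 55, 14), "bruteforce"), ((2, 1, 48, 9), "bruteforce"),
    ((5, 25, 1, 900), "exfil"), ((3, 40, 0, 1200), "exfil"), ((6, 30, 2, 1050), "exfil"),
]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def scale(rows):
    """Min-max scale every feature to 0..1 so byte counts do not swamp alert counts."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    rng = [(max(c) - l) or 1 for c, l in zip(cols, lo)]
    return [tuple((v - l) / r for v, l, r in zip(row, lo, rng)) for row in rows], lo, rng

def kmeans(points, k, iters=50):
    """Lloyd's k-means with deterministic farthest-first seeding.
    Returns (cluster index per point, centroids)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist2(p, c) for c in centroids)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: dist2(p, centroids[c])) for p in points]
        new = []
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            new.append(tuple(sum(col) / len(members) for col in zip(*members)) if members else centroids[c])
        if new == centroids:
            break
        centroids = new
    return labels, centroids

def candidate_rules(rows, k=3, threshold=0.6):
    """Draft one correlation rule per cluster: each feature whose centroid sits above
    `threshold` on the 0..1 scale becomes a 'feature >= value' predicate, with the
    value mapped back to the sensor's own units. An analyst still reviews the drafts."""
    scaled, lo, rng = scale(rows)
    labels, centroids = kmeans(scaled, k)
    rules = {}
    for c, cen in enumerate(centroids):
        preds = [f"{name} >= {lo[i] + v * rng[i]:.0f}"
                 for i, (name, v) in enumerate(zip(FEATURES, cen)) if v >= threshold]
        rules[c] = " AND ".join(preds) or "no elevated feature (candidate false-positive cluster)"
    return labels, rules

if __name__ == "__main__":
    labels, rules = candidate_rules([w for w, _ in WINDOWS])
    for c, rule in rules.items():
        print(f"cluster {c}: {rule}  <- {[lab for (_, lab), l in zip(WINDOWS, labels) if l == c]}")
```

The cluster whose centroid has no elevated feature is the one that collects the routine low-level IDS noise, which is exactly the set an operator would want to suppress rather than triage.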