Adaptive clustering method for reclassifying network intrusions

Abstract

The problems of classification and reporting of suspicious security violations often degenerate to other complex problems. However, efforts of system administrators to mitigate these flaws by reclassifying intrusive datasets so that realistic attacks can be substantiated are frequently unfruitful with swamped datasets. Also, the urgency required to process alerts has made validations of reduction criteria to be implemented with realistic attacks and unfortunately, these consistently endangering computer resources on the networks to more exposures. Consequently, the development of computer attacks that have been warned but still succeed is a classical problem in computer security. In this paper therefore, we have implemented a new clustering method to reduce these problems. Also, evaluation that we performed with synthetic and realistic datasets clustered alerts of each dataset to achieve a cluster of white-listed alerts. Moreover, the results obtained have indicated how system administrators could achieve prompt countermeasures to prevent realistic attacks. © Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 2010.