Research Article
Adaptive Clustering Method for Reclassifying Network Intrusions
@INPROCEEDINGS{10.1007/978-3-642-11530-1_15,
  author={Nehinbe Joshua},
  title={Adaptive Clustering Method for Reclassifying Network Intrusions},
  proceedings={Information Security and Digital Forensics. First International Conference, ISDF 2009, London, United Kingdom, September 7-9, 2009, Revised Selected Papers},
  proceedings_a={ISDF},
  year={2012},
  month={5},
  keywords={intrusion quarantining intrusion blacklisting intrusion white-listing probing attacks},
  doi={10.1007/978-3-642-11530-1_15}
}
- Nehinbe Joshua
Year: 2012
ISDF
Springer
DOI: 10.1007/978-3-642-11530-1_15
Abstract
The problems of classification and reporting of suspicious security violations often degenerate to other complex problems. However, efforts of system administrators to mitigate these flaws by reclassifying intrusive datasets so that realistic attacks can be substantiated are frequently unfruitful with swamped datasets. Also, the urgency required to process alerts has made validations of reduction criteria to be implemented with realistic attacks and unfortunately, these consistently endangering computer resources on the networks to more exposures. Consequently, the development of computer attacks that have been warned but still succeed is a classical problem in computer security. In this paper therefore, we have implemented a new clustering method to reduce these problems. Also, evaluation that we performed with synthetic and realistic datasets clustered alerts of each dataset to achieve a cluster of white-listed alerts. Moreover, the results obtained have indicated how system administrators could achieve prompt countermeasures to prevent realistic attacks.