Y-AOI: Y-Means Based Attribute Oriented Induction Identifying Root Cause for IDSs
Attribute-oriented induction (AOI) is a kind of aggregation method. By generalizing the attributes of alerts, it creates several clusters, each of which includes a set of alerts having similar or the same cause. However, if the attributes are excessively abstracted, the administrator cannot identify the root cause of the attack. In addition, deciding the time interval of clustering and deciding min_size are among the most critical problems. In this paper, we describe the over-generalization problem caused by the unbalanced generalization hierarchy and discuss its solution. We also discuss the problems of deciding the time interval and a meaningful min_size, and propose a reasonable method to solve these problems.
Keywords: Intrusion Detection, Intrusion Detection System, Current Node, Discrete Time Interval, Decide Time Interval
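As an added illustration (not code from the paper), the over-generalization problem described in the abstract on a toy alert set: a classic AOI round lifts every attribute one level, so the one-level dst_port hierarchy collapses to ANY and the resulting cluster no longer names the targeted port; lifting only the attribute that is still furthest from ANY keeps it. The hierarchies, the alerts and the "deepest" selection heuristic are constructed assumptions for this example, not the paper's method.

```python
from collections import Counter

# Toy generalization hierarchies (value -> parent), constructed for this example.
# They are deliberately unbalanced: src_ip has three levels below ANY, dst_port one.
HIER = {
    "src_ip": {"10.1.1.5": "10.1.1.0/24", "10.1.1.9": "10.1.1.0/24",
               "10.1.2.7": "10.1.2.0/24", "10.1.1.0/24": "10.1.0.0/16",
               "10.1.2.0/24": "10.1.0.0/16", "10.1.0.0/16": "ANY"},
    "dst_port": {"80": "ANY", "443": "ANY", "22": "ANY"},
}
ATTRS = ("src_ip", "dst_port")

# Constructed raw alerts: four hits on port 80 from one /24, plus two unrelated ones.
RAW_ALERTS = ([{"src_ip": "10.1.1.5", "dst_port": "80"}] * 2
              + [{"src_ip": "10.1.1.9", "dst_port": "80"}] * 2
              + [{"src_ip": "10.1.2.7", "dst_port": "443"},
                 {"src_ip": "10.1.1.5", "dst_port": "22"}])

def depth(attr, value):
    """Number of generalization steps from `value` up to the root ANY."""
    d = 0
    while value != "ANY":
        value = HIER[attr][value]
        d += 1
    return d

def lift(alerts, attrs):
    """Replace the listed attributes by their parents and merge identical alerts."""
    out = Counter()
    for key, n in alerts.items():
        a = dict(key)
        for at in attrs:
            if a[at] != "ANY":
                a[at] = HIER[at][a[at]]
        out[tuple(sorted(a.items()))] += n
    return out

def aoi(raw, min_size, strategy):
    """Generalize until one cluster covers >= min_size alerts; return (cluster, size).
    strategy="all": lift every attribute each round (classic AOI).
    strategy="deepest" (assumed heuristic): lift only the attribute still furthest
    from ANY, so a shallow hierarchy is not collapsed before the deep one."""
    alerts = Counter(tuple(sorted(a.items())) for a in raw)
    while max(alerts.values()) < min_size:
        if not any(depth(at, dict(k)[at]) for k in alerts for at in ATTRS):
            break  # everything is already ANY; min_size cannot be reached
        if strategy == "all":
            to_lift = list(ATTRS)
        else:
            to_lift = [max(ATTRS, key=lambda at: max(depth(at, dict(k)[at]) for k in alerts))]
        alerts = lift(alerts, to_lift)
    key, size = max(alerts.items(), key=lambda kv: kv[1])
    return dict(key), size
```

With min_size 4, the "all" strategy reports the cluster {src_ip: 10.1.1.0/24, dst_port: ANY} (5 alerts), while "deepest" reports {src_ip: 10.1.1.0/24, dst_port: 80} (4 alerts), which still names the root cause.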