- Title
- Cyberattack triage using incremental clustering for intrusion detection systems
- Creator
- Taheri, Sona; Bagirov, Adil; Gondal, Iqbal; Brown, Simon
- Date
- 2020
- Type
- Text; Journal article
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/173771
- Identifier
- vital:14743
- Identifier
- https://doi.org/10.1007/s10207-019-00478-3
- Identifier
- ISSN: 1615-5262
- Abstract
- Intrusion detection systems (IDSs) are devices or software applications that monitor networks or systems for malicious activities and signal alerts/alarms when such activity is discovered. However, an IDS may generate many false alerts, which affect its accuracy. In this paper, we develop a cyberattack triage algorithm to detect these alerts (so-called outliers). The proposed algorithm is designed using clustering, optimization and distance-based approaches. An optimization-based incremental clustering algorithm is proposed to find clusters of different types of cyberattacks. Using a special procedure, a set of clusters is divided into two subsets: normal and stable clusters. Then, outliers are found among stable clusters using an average distance between centroids of normal clusters. The proposed algorithm is evaluated using the well-known IDS data sets—Knowledge Discovery and Data mining Cup 1999 and UNSW-NB15—and compared with some other existing algorithms. Results show that the proposed algorithm has a high detection accuracy and its false negative rate is very low. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.
- Publisher
- Springer
- Relation
- International Journal of Information Security Vol. 19, no. 5 (2020), p. 597-607; http://purl.org/au-research/grants/arc/DP190100580
- Rights
- Copyright © Springer-Verlag GmbH Germany, part of Springer Nature 2019
- Rights
- This metadata is freely available under a CCO license
- Rights
- Open Access
- Subject
- 08 Information and Computing Sciences; 15 Commerce, Management, Tourism and Services; Cluster analysis; Computer network security; Incremental algorithm; Intrusion detection system; Outlier detection
- Full Text
- Reviewed
- Funder
- This research was conducted in Internet Commerce Security Laboratory (ICSL) funded by Westpac Banking Corporation Australia. In addition, the research by Dr. Sona Taheri and A/Prof. Adil Bagirov was supported by the Australian Government through the Australian Research Council’s Discovery Projects funding scheme (DP190100580).