Clustering intrusion detection alarms to support root cause analysis.
Klaus Julisch. Published in: ACM Trans. Inf. Syst. Secur. (2003)
Keyphrases
- intrusion detection
- anomaly detection
- intrusion detection system
- root cause analysis
- network security
- network intrusion detection
- network traffic
- alert correlation
- data mining
- clustering algorithm
- false positives and false negatives
- detecting anomalous
- network intrusion
- computer security
- high detection rate
- information security
- cyber security
- artificial immune
- knowledge management
- k means
- databases
- unsupervised learning
- decision support
- data mining techniques
- principal component analysis
- fraud detection
- false positives
- lightweight
- normal behavior
- distributed intrusion detection