[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Y-AOI: Y-Means Based Attribute Oriented Induction Identifying Root Cause for IDSs

  • Conference paper
Fuzzy Systems and Knowledge Discovery (FSKD 2005)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3614))

Included in the following conference series:

Abstract

The attribute oriented induction (AOI) is a kind of aggregation method. By generalizing the attributes of the alert, it creates several clusters that includes a set of alerts having similar or the same cause. However, if the attributes are excessively abstracted, the administrator does not identify the root cause of the attack. In addition, deciding time interval of clustering and deciding min_size are one of the most critical problems. In this paper, we describe about the over-generalization problem because of the unbalanced generalization hierarchy and discuss the solution of the problem. We also discuss problem to decide time interval and meaningful min_size, and propose reasonable method to solve these problems.

This study is supported by the National Security Research Institute in Korea and the Brain Korea 21 project in 2004.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 71.50
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 89.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 54–68. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Axelsson, S.: The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security 3(3), 186–205 (2000)

    Article  MathSciNet  Google Scholar 

  3. Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85–103. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Han, J., Cai, Y.: Data-Driven Discovery of Quantitative Rules in Relational Databases. IEEE Transactions on Knowledge and Data Engineering 5(1), 29–40 (1993)

    Article  Google Scholar 

  5. Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security 6(4), 443–471 (2002)

    Article  Google Scholar 

  6. Julisch, K.: Mining Intrusion Detection Alarms for Actionable Knowledge. In: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 366–375 (2002)

    Google Scholar 

  7. Guan, Y., Ali, A.: Y-MEANS: A Clustering Method for Intrusion Detection. In: Canadian Conference on Electrical and Computer Engineering, pp. 1083–1086 (2003)

    Google Scholar 

  8. Hansen, P., Mladenovic, N.: J-means: a new local search heuristic for minimum sum-of-squares clustering. Pattern Recognition 34(2), 405–413 (2002)

    Article  MathSciNet  Google Scholar 

  9. DARPA data set, http://www.ll.mit.edu/IST/ideval/index.html

Download references

Author information

Authors and Affiliations

  1. Graduate School of Information Communication, Ajou University, Suwon, Korea

    Jungtae Kim, Gunhee Lee & Dong-kyoo Kim

  2. National Security Research Institute, Hwaam-dong, Yuseong-gu, Daejeon, Korea

    Jung-taek Seo, Eung-ki Park & Choon-sik Park

Authors
  1. Jungtae Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gunhee Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jung-taek Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Eung-ki Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Choon-sik Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Dong-kyoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Electrical and Electronic Engineering, Nanyang Technological University, Block S1, Nanyang Avenue, 639798, Singapore

    Lipo Wang

  2. Honda Research Institute Europe GmbH, Offenbach/Main, Germany

    Yaochu Jin

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, J., Lee, G., Seo, Jt., Park, Ek., Park, Cs., Kim, Dk. (2005). Y-AOI: Y-Means Based Attribute Oriented Induction Identifying Root Cause for IDSs. In: Wang, L., Jin, Y. (eds) Fuzzy Systems and Knowledge Discovery. FSKD 2005. Lecture Notes in Computer Science(), vol 3614. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11540007_25

Download citation

  • DOI: https://doi.org/10.1007/11540007_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28331-7

  • Online ISBN: 978-3-540-31828-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation