PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

A SOM and bayesian network architecture for alert filtering in network intrusion detection systems
Ahmad Faour, Philippe Leray and Bassam Eter
In: 2nd IEEE International Conference On Information and Communication Technologies: From Theory to Applications (ICTTA 2006), 24-28 April 2006, Damascus, Syria.


With the ever-growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, intrusion detection systems, which are an important security countermeasure, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. This paper presents a new approach for handling intrusion detection alarms more efficiently. We propose an architecture for automated alarm filtering based on a classical clustering method (Self-Organizing Maps) coupled with a probabilistic graphical model (Bayesian belief networks) for determining whether the network is really under attack.

EPrint Type: Conference or Workshop Item (Paper)
Project Keyword: UNSPECIFIED
Subjects: Learning/Statistics & Optimisation
ID Code: 2102
Deposited By: Philippe Leray
Deposited On: 07 May 2006