DSpace e-Archivo


Please use this identifier to cite or link to this item: http://hdl.handle.net/10016/9705

Files in This Item:
labelling_criptologia_2006.pdf (142,04 kB, Adobe PDF)
Title: Labelling IDS clusters by means of the silhouette index
Author(s): Petrovic, Slovodan
Álvarez, Gonzalo
Orfila, Agustín
Carbó, Javier
Publisher: Jordi Herrera Joancomarti
Joan Borrell Viader
Issued date: Sep-2006
Citation: Actas de la IX Reunión Española sobre Criptología y Seguridad de la Información. Barcelona : Jordi Herrera y Joan Borrell, 2006, pp. 760-772
URI: http://hdl.handle.net/10016/9705
ISBN: 8497885023
Description: Proceeding of: IX Reunión Española sobre Criptología y Seguridad de la Información. Barcelona, 2006
Abstract: One of the most difficult problems in the design of an anomaly based intrusion detection system (IDS) that uses clustering is that of labelling the obtained clusters, i.e. determining which of them correspond to "good" behaviour on the network/host and which to "bad" behaviour. In this paper, a new clusters' labelling strategy, which makes use of the Silhouette clustering quality index, is proposed for application in such an IDS. The aim of the new labelling algorithm is to detect compact clusters containing very similar vectors and these are highly likely to be attack vectors. The effectiveness of a multiple classifier IDS with the Silhouette index implemented is compared to the effectiveness of a system employing a classical cardinality-based labelling strategy. Experimental results show that the system using the Silhouette index produces much more accurate results than the system that uses the classical cardinality-based labelling. Possibilities of improving the overall efficiency of an IDS using the new labelling algorithm are also discussed.
Review: PeerReviewed
Keywords: Anomaly detection
Clustering
Intrusion detection system
Silhouette
Appears in Collections: DI - SETI - Capítulos de Monografías
DI - SETI - Artículos en Congresos Nacionales

Items in E-Archivo are protected by copyright, with all rights reserved, unless otherwise indicated.
