Labelling IDS clusters by means of the silhouette index

e-Archivo Repository

Show simple item record

dc.contributor.author Petrovic, Slovodan
dc.contributor.author Álvarez, Gonzalo
dc.contributor.author Orfila, Agustín
dc.contributor.author Carbó Rubiera, Javier Ignacio
dc.date.accessioned 2010-11-23T15:06:10Z
dc.date.available 2010-11-23T15:06:10Z
dc.date.issued 2006-09
dc.identifier.bibliographicCitation Actas de la IX Reunión Española sobre Criptología y Seguridad de la Información. Barcelona : Jordi Herrera y Joan Borrell, 2006, pp. 760-772
dc.identifier.isbn 8497885023
dc.identifier.uri http://hdl.handle.net/10016/9705
dc.description Proceeding of: IX Reunión Española sobre Criptología y Seguridad de la Información. Barcelona, 2006
dc.description.abstract One of the most difficult problems in the design of an anomaly based intrusion detection system (IDS) that uses clustering is that of labelling the ob- tained clusters, i.e. determining which of them correspond to ”good” behaviour on the network/host and which to ”bad” behaviour. In this paper, a new clusters’ labelling strategy, which makes use of the Silhouette clustering quality index is proposed for application in such an IDS. The aim of the new labelling algorithm is to detect compact clusters containing very similar vectors and these are highly likely to be attack vectors. The effectiveness of a multiple classifier IDS with the Silhouette index implemented is compared to the effectiveness of a system em- ploying a classical cardinality-based labelling strategy. Experimental results show that the system using the Silhouette index produces much more accurate results than the system that uses the classical cardinality-based labelling. Possibilities of improving the overall efficiency of an IDS using the new labelling algorithm are also discussed.
dc.format.mimetype text/plain
dc.format.mimetype application/pdf
dc.language.iso eng
dc.publisher Jordi Herrera Joancomarti
dc.publisher Joan Borrell Viader
dc.subject.other Anomaly detection
dc.subject.other Clustering
dc.subject.other Intrusion detection system
dc.subject.other Silhoutte
dc.title Labelling IDS clusters by means of the silhouette index
dc.type bookPart
dc.type conferenceObject
dc.type.review PeerReviewed
dc.description.status Publicado
dc.subject.eciencia Informática
dc.rights.accessRights openAccess
dc.relation.eventnumber 9
dc.relation.eventplace Barcelona (Spain)
dc.relation.eventtitle Reunión Española sobre Criptología y Seguridad de la Información
dc.relation.eventtype proceeding
dc.identifier.publicationfirstpage 760
dc.identifier.publicationlastpage 772
dc.identifier.publicationtitle Actas de la IX Reunión Española sobre Criptología y Seguridad de la Información
 Find Full text

Files in this item

*Click on file's image for preview. (Embargoed files's preview is not supported)


This item appears in the following Collection(s)

Show simple item record