RT Conference Proceedings
T1 Labelling IDS clusters by means of the silhouette index
A1 Petrovic, Slovodan
A1 Álvarez, Gonzalo
A1 Orfila, Agustín
A1 Carbó Rubiera, Javier Ignacio
AB One of the most difficult problems in the design of an anomaly based intrusion detection system (IDS) that uses clustering is that of labelling the obtained clusters, i.e. determining which of them correspond to "good" behaviour on the network/host and which to "bad" behaviour. In this paper, a new clusters' labelling strategy, which makes use of the Silhouette clustering quality index is proposed for application in such an IDS. The aim of the new labelling algorithm is to detect compact clusters containing very similar vectors and these are highly likely to be attack vectors. The effectiveness of a multiple classifier IDS with the Silhouette index implemented is compared to the effectiveness of a system employing a classical cardinality-based labelling strategy. Experimental results show that the system using the Silhouette index produces much more accurate results than the system that uses the classical cardinality-based labelling. Possibilities of improving the overall efficiency of an IDS using the new labelling algorithm are also discussed.
PB Jordi Herrera Joancomarti
PB Joan Borrell Viader
SN 8497885023
YR 2006
FD 2006-09
LK https://hdl.handle.net/10016/9705
UL https://hdl.handle.net/10016/9705
LA eng
NO Proceeding of: IX Reunión Española sobre Criptología y Seguridad de la Información. Barcelona, 2006
DS e-Archivo
RD 20 may. 2024