You are in : Home » Results & submissions » Select UOA » 13 - Electrical and Electronic Engineering, Metallurgy and Materials » View submission: University of Plymouth » Outputs » Detail

Output details

13 - Electrical and Electronic Engineering, Metallurgy and Materials

University of Plymouth

Return to search Previous output Next output

Output 3 of 36 in the submission

Article title

A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm

Type

D - Journal article

DOI

10.1016/j.cose.2010.02.001

Title of journal

COMPUTERS & SECURITY

Article number

n/a

Volume number

Issue number

First page of article

712

ISSN of journal

0167-4048

Year of publication

2010

URL

http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcApp=PARTNER_APP&SrcAuth=LinksAMR&KeyUT=000280625700007&DestLinkType=FullRecord&DestApp=ALL_WOS&UsrCustomerID=11bb513d99f797142bcfeffcc58ea008

Number of additional authors

Additional information

A significant problem with intrusion detection systems (IDS) is false alarms, which waste administrator time and lead to genuine incidents being overlooked. Our novel alarm correlation method uses a two-stage classification system: a Self Organising Map neural network and a K-means algorithm. Experimental results (based upon the DARPA IDS evaluation dataset and a private set generated at Plymouth) demonstrate false alarm reduction of over 50%. This research is becoming widely referenced, with 15 independent citations in 2012/13, and (alongside delivering two further publications and a successful PhD) is now informing our contribution to a collaborative EPSRC CEReS project (£1M, 2013-2016).

Interdisciplinary

Cross-referral requested

Research group

None

Proposed double-weighted

Double-weighted statement

Reserve for a double-weighted output

Non-English

English abstract