Output details
13 - Electrical and Electronic Engineering, Metallurgy and Materials
University of Plymouth
A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm
A significant problem with intrusion detection systems (IDS) is false alarms, which waste administrator time and lead to genuine incidents being overlooked. Our novel alarm correlation method uses a two-stage classification system: a Self-Organising Map (SOM) neural network and a K-means algorithm. Experimental results (based upon the DARPA IDS evaluation dataset and a private set generated at Plymouth) demonstrate a false alarm reduction of over 50%. This research is becoming widely referenced, with 15 independent citations in 2012/13, and (alongside delivering two further publications and a successful PhD) is now informing our contribution to a collaborative EPSRC CEReS project (£1M, 2013-2016).