Author(s): Ala' Yaseen Ibrahim Shakhatreh | Kamalrulnizam Abu Bakar
Journal: International Journal of Computer Science Issues
ISSN 1694-0784
Volume: 8;
Issue: 5;
Start page: 373;
Date: 2011;
Keywords: Intrusion Detection System | Clustering Techniques | Unsupervised Learning | Detection Rate | False Alarm Rate | Dataset | LVQ | SOM. | IJCSI
ABSTRACT
False alarm rate and detection accuracy are still challenging issues that have not yet been completely solved in the field of Anomaly-based Intrusion Detection Systems (AIDS). The reasons behind these issues vary according to the algorithm and the dataset used to train the IDS. Consequently, dealing with high-dimensional data requires an efficient data reduction technique that considerably reduces the dimensionality without any substantial loss of important features. However, excessive reduction of features will lead to some intrusive patterns being modeled similarly to normal ones. This results in misclassifications that increase the false negative rate, which degrades the accuracy of detection. This paper summarizes many clustering techniques that were previously proposed to solve the inherent IDS problems. The clustering techniques are involved in three general aspects, namely data preprocessing, anomaly detection, and data projection/alarm filtering. Finally, recommendations for future research, followed by the conclusion, are presented at the end of this paper.