Title: A CLUSTERING-BASED JUDGMENT METHOD OF FALSE POSITIVE ALERTS
Author(s): Shinya Iwasaki, Tomo Kakuta, Yoshihiro Sekiguchi, Yukihiro Konishi, Tomoya Ohtori and Norihisa Komoda
ISBN: 978-989-8533-92-0
Editors: Ajith P. Abraham and Jörg Roth
Year: 2019
Edition: Single
Keywords: Cyber Security, Incident Response, Clustering, DBSCAN, K-means++, Anomaly Detection
Type: Full Paper
First Page: 174
Last Page: 180
Language: English
Paper Abstract: This paper proposes a clustering-based method for judging whether alerts generated by security devices are false positives. First, alerts sharing the same attack-source IP address over a certain period in the past are extracted. The accumulated signature counts of the extracted alerts are then used to classify alerts with similar patterns into several clusters, using a method that combines DBSCAN and K-means++. Finally, false positive alerts are judged based on the number of alerts in each cluster. In a trial of the proposed method on two 7-day alert sets from two different networks, the recall was 100%, the precision was 34%, and the F-measure was 50%. Precision improved by more than ten times compared with K-means++ alone and about 2.4 times compared with DBSCAN alone.
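The three steps the abstract describes (extract alerts per source IP over a window, cluster the per-IP signature-count vectors, judge clusters by alert volume) can be sketched end to end. The following is an added illustration written for this page, not code from the paper or its authors. The paper does not say how DBSCAN and K-means++ are combined, so this example assumes one plausible arrangement: DBSCAN groups IPs with near-identical signature patterns, and the IPs DBSCAN leaves as noise are partitioned by K-means++. The `eps`, `min_pts`, `k` and `threshold` values, the judgment rule (a cluster whose total alert count reaches the threshold is flagged as a false-positive candidate) and the sample alerts are all constructed assumptions, not values from the paper.

```python
import random
from collections import Counter, defaultdict

# --- constructed sample data (not from the paper) ----------------------------
def _burst(ip, sig, count, t0):
    """Emit `count` alerts (timestamp, source_ip, signature) starting at t0."""
    return [(t0 + i, ip, sig) for i in range(count)]

SAMPLE_ALERTS = []
# Six hosts that trip the same two signatures ~100 times each: the repetitive,
# high-volume pattern that the judgment step will flag as false-positive noise.
for n in range(6):
    ip = "198.51.100.%d" % (10 + n)
    SAMPLE_ALERTS += _burst(ip, "SCAN-A", 50 + n, 1000)
    SAMPLE_ALERTS += _burst(ip, "SCAN-B", 50 - n, 2000)
# Four hosts with distinct, low-volume patterns that should stay with the analyst.
SAMPLE_ALERTS += _burst("203.0.113.5", "EXPLOIT-C", 3, 1500)
SAMPLE_ALERTS += _burst("203.0.113.6", "EXPLOIT-D", 1, 1600)
SAMPLE_ALERTS += _burst("203.0.113.7", "EXPLOIT-C", 2, 1700)
SAMPLE_ALERTS += _burst("203.0.113.7", "EXPLOIT-E", 1, 1800)
SAMPLE_ALERTS += _burst("203.0.113.8", "SCAN-B", 1, 1900)
# One alert outside the extraction window; step 1 must drop it.
SAMPLE_ALERTS += _burst("192.0.2.99", "EXPLOIT-D", 1, 10)


def build_vectors(alerts, t_end, window):
    """Step 1: keep alerts in (t_end - window, t_end], group them by source IP
    and count each signature. Returns (ips, points, alert_counts, signatures)."""
    per_ip = defaultdict(Counter)
    for ts, ip, sig in alerts:
        if t_end - window < ts <= t_end:
            per_ip[ip][sig] += 1
    sigs = sorted({s for c in per_ip.values() for s in c})
    ips = sorted(per_ip)
    points = [tuple(float(per_ip[ip][s]) for s in sigs) for ip in ips]
    counts = [sum(per_ip[ip].values()) for ip in ips]
    return ips, points, counts, sigs


def _dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def dbscan(points, eps, min_pts):
    """Plain DBSCAN; the neighbourhood of a point includes the point itself.
    Returns one label per point, -1 meaning noise."""
    n = len(points)
    labels = [None] * n
    neighbours = lambda i: [j for j in range(n) if _dist(points[i], points[j]) <= eps]
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        nb = neighbours(i)
        if len(nb) < min_pts:
            labels[i] = -1          # provisionally noise; may become a border point
            continue
        labels[i] = cluster
        queue = [j for j in nb if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point: joined but not expanded
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nb_j = neighbours(j)
            if len(nb_j) >= min_pts:
                queue.extend(nb_j)
        cluster += 1
    return labels


def kmeans_pp(points, k, seed=0, iters=20):
    """K-means with the K-means++ seeding rule (D^2 sampling of centres)."""
    rng = random.Random(seed)
    centres = [points[rng.randrange(len(points))]]
    while len(centres) < k:
        d2 = [min(_dist(p, c) ** 2 for c in centres) for p in points]
        total = sum(d2)
        if total == 0:
            centres.append(points[rng.randrange(len(points))])
            continue
        r, acc = rng.random() * total, 0.0
        for p, w in zip(points, d2):
            acc += w
            if acc >= r:
                centres.append(p)
                break
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: _dist(p, centres[c])) for p in points]
        new = []
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            new.append(tuple(sum(x) / len(members) for x in zip(*members)) if members else centres[c])
        if new == centres:
            break
        centres = new
    return labels


def cluster_alerts(points, eps=2.0, min_pts=3, k=2, seed=0):
    """Step 2 (assumed combination): DBSCAN finds dense groups of IPs with
    near-identical patterns; the noise IPs are then partitioned by K-means++."""
    labels = dbscan(points, eps, min_pts)
    noise = [i for i, l in enumerate(labels) if l == -1]
    next_id = max(labels, default=-1) + 1
    if noise:
        sub = kmeans_pp([points[i] for i in noise], min(k, len(noise)), seed)
        for i, l in zip(noise, sub):
            labels[i] = next_id + l
    return labels


def judge_false_positives(ips, labels, counts, threshold=100):
    """Step 3 (assumed rule): a cluster whose total alert count reaches
    `threshold` is reported as a false-positive candidate for every member IP."""
    per_cluster = Counter()
    for l, c in zip(labels, counts):
        per_cluster[l] += c
    return {ip: per_cluster[l] >= threshold for ip, l in zip(ips, labels)}


def run(alerts=SAMPLE_ALERTS, t_end=3000, window=2900):
    ips, points, counts, _ = build_vectors(alerts, t_end, window)
    return judge_false_positives(ips, cluster_alerts(points), counts)


if __name__ == "__main__":
    for ip, fp in sorted(run().items()):
        print(ip, "false-positive candidate" if fp else "keep for analyst")
```

With the constructed data the six scanning hosts form one DBSCAN cluster of about 600 alerts and are flagged, while the four low-volume hosts fall to DBSCAN noise, are split by K-means++, and stay below the threshold regardless of how that split lands. The recall/precision trade-off the abstract reports (100% recall, 34% precision) is exactly what the threshold controls: lowering it flags more clusters and risks suppressing true alerts, which is why a high recall is the property to preserve when tuning it.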