Alert Clustering using Self-Organizing Maps and K-Means Algorithm
Dayanand D. Ambawade1, Jagdish W. Bakal2
1Dayanand Ambawade, Associate Professor, Department of Electronics and Telecommunication Engineering, Sardar Patel Institute of Technology, Mumbai (Maharashtra), India.
2Dr. Jagdish W. Bakal, Professor and Principal, Pillai HOC College of Engineering and Technology, Mumbai (Maharashtra), India.
Manuscript received on 29 September 2022 | Revised Manuscript received on 02 September 2022 | Manuscript Accepted on 15 October 2022 | Manuscript published on 30 October 2022 | PP: 82-87 | Volume-12 Issue-1, October 2022 | Retrieval Number: 100.1/ijeat.A38521012122 | DOI: 10.35940/ijeat.A3852.1012122
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Alert correlation is a system that receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high-level attack patterns, adds meaning to the incidents that have occurred, predicts the future states of attacks, and identifies the root cause of attacks. This paper applies self-organizing maps and the k-means machine learning algorithm to reduce the number of alerts by clustering them.
Keywords: Alert, Clustering, Intrusion Detection System, K-means, SOM
Scope of the Article: Clustering