An Alert Aggregation Algorithm Based on Iterative Self-Organization.

Abstract: Considering the problem that intrusion detection systems always produced duplicated alarm information, in this paper we propose an iterative self-organization clustering algorithm. It begins with calculating average value of classes as the new clustering center on the basis of random selection, merging and dividing dynamically, then finish the clustering procedure through the iteration finally. Experimental results with DARPA1999 testing data set show that the clustering method is more excellent than traditional clustering methods in both aggregation rate and error aggregation rate. Besides, it reduces duplicated alarm effectively and provides assistance to further related work. [Copyright &y& Elsevier]