Abstract
We present a PCA-LVQ model and a balanced-training method for efficient intrusion alert analysis. For the connection records in the 1999 DARPA intrusion dataset, we first obtain a dimension-reduced dataset through Principal Component Analysis (PCA). We then use the Learning Vector Quantization (LVQ) neural network to perform intrusion alert clustering on the purified intrusion dataset. The experimental results show that the PCA-LVQ model and the balanced-training method are effective: the time costs can be shortened by about three times, and the accuracy of detection can be elevated to a higher level, especially for the U2R and R2L alerts.
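The pipeline the abstract describes (PCA reduction, then LVQ trained on a class-balanced set) can be sketched as follows. This is an added example, not the authors' code. It assumes LVQ1 with one prototype per class, reads "balanced training" as drawing an equal number of records per class, and runs on constructed data with a hypothetical "normal" class rather than DARPA records.

```python
import numpy as np

def pca_fit(X, k):
    """Mean and top-k principal directions of X (via SVD of centred data)."""
    mu = X.mean(axis=0)
    _, _, vt = np.linalg.svd(X - mu, full_matrices=False)
    return mu, vt[:k]

def balanced_sample(X, y, per_class, rng):
    """Assumed 'balanced training': draw the same number of records per class."""
    idx = np.concatenate([rng.choice(np.flatnonzero(y == c), per_class)
                          for c in np.unique(y)])   # sampling with replacement
    rng.shuffle(idx)
    return X[idx], y[idx]

def lvq1_train(X, y, epochs=10, lr=0.1):
    """LVQ1 with one prototype per class (assumed variant)."""
    classes = np.unique(y)
    protos = np.array([X[y == c][0] for c in classes], dtype=float)
    for e in range(epochs):
        a = lr * (1 - e / epochs)                   # decaying learning rate
        for x, label in zip(X, y):
            w = ((protos - x) ** 2).sum(axis=1).argmin()   # winning prototype
            step = a * (x - protos[w])
            # Pull the winner toward same-class records, push it from others.
            protos[w] += step if classes[w] == label else -step
    return classes, protos

def lvq_predict(X, classes, protos):
    d = ((X[:, None, :] - protos[None]) ** 2).sum(axis=2)
    return classes[d.argmin(axis=1)]

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    # Constructed, imbalanced stand-in for connection records (not DARPA data).
    counts = {"normal": 2000, "r2l": 30, "u2r": 10}
    X = np.vstack([rng.normal(0, 0.5, (n, 10)) + 6 * np.eye(10)[i]
                   for i, n in enumerate(counts.values())])
    y = np.repeat(list(counts), list(counts.values()))
    mu, comps = pca_fit(X, k=3)
    Z = (X - mu) @ comps.T                          # 10 features -> 3 components
    Zb, yb = balanced_sample(Z, y, per_class=200, rng=rng)
    classes, protos = lvq1_train(Zb, yb)
    pred = lvq_predict(Z, classes, protos)
    recall = {c: float((pred[y == c] == c).mean()) for c in counts}
    return Z.shape, np.unique(yb, return_counts=True)[1].tolist(), recall

if __name__ == "__main__":
    print(run_demo())
```

Because PCA is fitted on the imbalanced data, directions that matter only to rare classes carry little variance. Check per-class recall after reduction rather than overall accuracy alone.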
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, JX., Wang, ZY., Dai, K. (2006). A PCA-LVQ Model for Intrusion Alert Analysis. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_102
DOI: https://doi.org/10.1007/11760146_102
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34478-0
Online ISBN: 978-3-540-34479-7
eBook Packages: Computer Science, Computer Science (R0)