A PCA-LVQ Model for Intrusion Alert Analysis

Wang, Jing-Xin; Wang, Zhi-Ying; Dai, Kui

doi:10.1007/11760146_102

Jing-Xin Wang²¹,
Zhi-Ying Wang²¹ &
Kui Dai²¹

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3975))

Included in the following conference series:

International Conference on Intelligence and Security Informatics

1825 Accesses

Abstract

We present a PCA-LVQ model and a balanced-training method for efficient intrusion alert analysis. For the connection records in the 1999 DARPA intrusion dataset, we firstly get a dimension-reduced dataset through Principal Component Analysis (PCA). Then, we use the Learning Vector Quantization (LVQ) neural network to perform intrusion alert clustering on the purified intrusion dataset. The experiment results show that the PCA-LVQ model and the balanced-training method are effective: the time costs can be shortened about by three times, and the accuracy of detection can be elevated to a higher level, especially for the U2R and R2L alerts.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Oja, E.: Neural Networks, principal components, and subspaces. International Journal of Neural Systems 1(1), 61–68 (1989)
Article MathSciNet Google Scholar
Kohonen, T., Hynninen, J., Kangas, J.: LVQ_PAK: The Learning Vector Quantization Program Package. Techinical report (1996)
Google Scholar
Bouzida, Y., Gombault, S.: EigenConnections to Intrusion Detection. In: Proceedings of the 19th IFIP International Information Security Conference (August 2004)
Google Scholar
Ramadas, M.: Detecting Anomalous Network Traffic with Self-Organizing Maps. Master’s thesis, Ohio University (March 2003)
Google Scholar

Download references

Author information

Authors and Affiliations

Computer School, National University of Defense Technology, Changsha, China
Jing-Xin Wang, Zhi-Ying Wang & Kui Dai

Authors

Jing-Xin Wang
View author publications
You can also search for this author in PubMed Google Scholar
Zhi-Ying Wang
View author publications
You can also search for this author in PubMed Google Scholar
Kui Dai
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Information and Computer Science, University of California, Irvine
Sharad Mehrotra
MIS Department, University of Arizona, 85721, Tucson, AZ, USA
Daniel D. Zeng
Department of Management Information Systems, Eller College of Management, The University of Arizona, 85721, AZ, USA
Hsinchun Chen
University of Texas at Dallas,
Bhavani Thuraisingham
Chinese Academy of Sciences, 100190, Beijing, China
Fei-Yue Wang

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wang, JX., Wang, ZY., Dai, K. (2006). A PCA-LVQ Model for Intrusion Alert Analysis. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_102

Download citation

DOI: https://doi.org/10.1007/11760146_102
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34478-0
Online ISBN: 978-3-540-34479-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics