Skip to Main Content
Security is an important issue for building and sustaining trust relationship in cloud computing and in the usage of web-based applications. Consequently, intrusion detectors that adopt allowable and disallowable concepts are used in network forensics. The disallowable policy enforcers alert on events that are known to be bad while the allowable policy enforcers monitor events that deviate from known good. Nevertheless, sophisticated cases of computer attacks often render attempts to isolate failed attacks from successful attacks ineffective. Thus, attacks are erroneous interpreted and most successful cases of computer attacks are not forestalled while in progress despite the huge volume of warnings that intrusion detectors generate beforehand. Therefore, we present a new clustering algorithm to lessen these problems. Series of evaluations showed how to adopt category utility to improve the efficacies of methods for detecting and preventing intrusions. The results also differentiated failed attacks on computer resources from successful attacks.