Optimised clustering method for reducing challenges of network forensics

Author: Nehinbe, J.O.; Sch. of Comput. Sci. & Electron. Eng. Syst., Univ. of Essex, Colchester, UK

Network forensics is challenging because of the large numbers of low-level alerts that network intrusion detectors generate in order to achieve high detection rates. However, clustering analyses alone are insufficient to establish the overall patterns, sequential dependencies and precise classifications of the attacks embedded in low-level alerts. This is because there are several ways to cluster a set of alerts, especially if the alerts contain clustering criteria that take several values. Consequently, it is difficult to promptly select an appropriate clustering technique for investigating computer attacks and, at the same time, to handle the trade-offs between interpreting and clustering low-level alerts effectively. As a result, alerts, attacks and the corresponding countermeasures are frequently mismatched, and several realistic attacks easily circumvent early detection. Therefore, in this paper, intrusive alerts were clustered and the quality of each cluster was evaluated. The results demonstrate how a measure of entropy can be used to select a suitable clustering technique for investigating computer attacks.
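The abstract does not state which entropy measure the paper uses, so the following is an added illustration (not the paper's code) of one common way to score candidate clustering criteria for a set of IDS alerts: cluster by a chosen attribute, then compute the size-weighted Shannon entropy of a label attribute (here the alert signature) within the clusters. A lower conditional entropy means the criterion yields clusters that are more homogeneous with respect to the signature, which is one reasonable reading of "cluster quality". The alert records, field names (`src`, `dst`, `sig`) and the choice of `sig` as the label are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample alerts (assumption: each alert is a flat dict of attributes).
ALERTS = [
    {"src": "10.0.0.1", "dst": "192.168.1.10", "sig": "portscan"},
    {"src": "10.0.0.1", "dst": "192.168.1.11", "sig": "portscan"},
    {"src": "10.0.0.1", "dst": "192.168.1.12", "sig": "portscan"},
    {"src": "10.0.0.2", "dst": "192.168.1.10", "sig": "sql-injection"},
    {"src": "10.0.0.2", "dst": "192.168.1.10", "sig": "sql-injection"},
    {"src": "10.0.0.3", "dst": "192.168.1.10", "sig": "brute-force"},
    {"src": "10.0.0.3", "dst": "192.168.1.11", "sig": "brute-force"},
    {"src": "10.0.0.4", "dst": "192.168.1.12", "sig": "portscan"},
]


def entropy(counts):
    """Shannon entropy (bits) of a Counter of category counts."""
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values() if c)


def cluster_by(alerts, key):
    """Group alerts by the value of one attribute (the clustering criterion)."""
    clusters = defaultdict(list)
    for alert in alerts:
        clusters[alert[key]].append(alert)
    return dict(clusters)


def conditional_entropy(clusters, label):
    """Size-weighted mean entropy of `label` inside each cluster, H(label | cluster)."""
    n = sum(len(members) for members in clusters.values())
    return sum(
        len(members) / n * entropy(Counter(a[label] for a in members))
        for members in clusters.values()
    )


def rank_criteria(alerts, criteria, label):
    """Rank candidate clustering criteria by H(label | cluster), lowest first.

    Each entry is (entropy, number_of_clusters, criterion). The cluster count is
    reported because a criterion that is unique per alert trivially scores zero
    entropy while offering no summarisation; an analyst should weigh both.
    """
    scored = []
    for criterion in criteria:
        clusters = cluster_by(alerts, criterion)
        scored.append((conditional_entropy(clusters, label), len(clusters), criterion))
    return sorted(scored)


if __name__ == "__main__":
    for h, k, criterion in rank_criteria(ALERTS, ["src", "dst"], "sig"):
        print(f"cluster by {criterion:<4} -> {k} clusters, H(sig|cluster) = {h:.3f} bits")
```

On the constructed sample, clustering by source address gives perfectly homogeneous signature clusters (entropy 0), while clustering by destination mixes signatures (entropy 1.0 bit), so the source-address criterion would be preferred for this alert set. Real alert sets need the cluster count and the analyst's interpretation weighed alongside the entropy score, which is the trade-off the abstract describes.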

Published in:

Computer Science and Electronic Engineering Conference (CEEC), 2010 2nd

Date of Conference:

8-9 Sept. 2010