Publication


Featured research published by Maheyzah Md Siraj.


PLOS ONE | 2016

Feature Selection Using Information Gain for Improved Structural-Based Alert Correlation

Taqwa Ahmed Alhaj; Maheyzah Md Siraj; Anazida Zainal; Huwaida Tagelsir Elshoush; Fatin A. Elhaj

Grouping and clustering alerts for intrusion detection based on the similarity of features is referred to as structural-based alert correlation and can discover a list of attack steps. Previous researchers selected different features and data sources manually based on their knowledge and experience, which led to less accurate identification of attack steps and inconsistent performance of clustering accuracy. Furthermore, the existing alert correlation systems deal with a huge amount of data that contains null values, incomplete information, and irrelevant features, causing the analysis of the alerts to be tedious, time-consuming and error-prone. Therefore, this paper focuses on selecting accurate and significant features of alerts that are appropriate to represent the attack steps, thus enhancing the structural-based alert correlation model. A two-tier feature selection method is proposed to obtain the significant features. The first tier aims at ranking the subset of features based on high information gain entropy in decreasing order. The second tier extends additional features with a better discriminative ability than the initially ranked features. Performance analysis results show the significance of the selected features in terms of the clustering accuracy using the 2000 DARPA intrusion detection scenario-specific dataset.


information assurance and security | 2009

Intelligent Clustering with PCA and Unsupervised Learning Algorithm in Intrusion Alert Correlation

Maheyzah Md Siraj; Mohd Aizaini Maarof; Siti Zaiton Mohd Hashim

As security threats advance in a drastic way, most organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even in a single day and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and an unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results using the DARPA 2000 dataset show that the proposed model gives better results in terms of clustering accuracy and processing time.


International Journal of Computer Theory and Engineering | 2009

A Hybrid Intelligent Approach for Automated Alert Clustering and Filtering in Intrusion Alert Analysis

Maheyzah Md Siraj; Mohd Aizaini Maarof; Siti Zaiton Mohd Hashim

As security threats change and advance in a drastic way, most organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even in a single day and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal their structural correlation by grouping alerts with common attributes. We propose a new hybrid clustering model based on Improved Unit Range (IUR), Principal Component Analysis (PCA) and an unsupervised learning algorithm (Expectation Maximization) to aggregate similar alerts and to reduce the number of alerts. We tested against other unsupervised learning algorithms to validate the performance of the proposed model. Our empirical results using the DARPA 2000 dataset show that the proposed model gives better results in terms of clustering accuracy and processing time.


International Journal of Computer Theory and Engineering | 2011

Automated Matching Systems and Correctional Method for Improved Inspection Data Quality

Mazura Mat Din; Norhazilan Md Noor; Md. Asri Ngadi; Khadijah Abd. Razak; Maheyzah Md Siraj

Advances in computing technology and data gathering tools provide a great opportunity in engineering areas such as the civil structure analysis domain to better understand its phenomena. Our case study utilizes these advances in pipeline structures in order to study the corrosion behavior that has been one of the problems that lead to their failure. The availability of ILI data from MFL tools provides better insight into the corrosion process by using efficient systems and data analysis methods in order to extract important information regarding the condition of the pipeline. Our paper will discuss an implementation of automated matching systems and a data correctional method that have shown promising results in improving the quality of data for future reliability assessment. The automated matching systems were evaluated using a linear regression method for sensitivity analysis, whereby a modified corrosion rate method was used along with a linear prediction method to verify the accuracy of the corrected data. The issues and advantages gained from this research are threefold: timeliness, accuracy, and consistency in data sampling. This is a preliminary work towards a reliable pipeline assessment method.


international conference on computer communications | 2015

Hidden features extraction using Independent Component Analysis for improved alert clustering

Taqwa Ahmed Alhaj; Anazida Zainal; Maheyzah Md Siraj

Feature extraction plays an important role in reducing the computational complexity and increasing the accuracy. Independent Component Analysis (ICA) is an effective feature extraction technique for disclosing hidden factors that underlie mixed samples of random variable measurements. The computational basis of ICA presupposes the mutual statistical independence of the non-Gaussian source signals. In this paper, we apply the ICA algorithm as hidden features extraction to enhance the alert clustering performance. We tested ICA against the k-means, EM and hierarchical unsupervised clustering algorithms to find the optimal performance of the clustering. The experimental results show that ICA effectively improves clustering accuracy.


international symposium on biometrics and security technologies | 2014

A taxonomy on intrusion alert aggregation techniques

Taqwa Ahmed; Maheyzah Md Siraj; Anazida Zainal; Mazura Mat Din

As security threats advance in a drastic way, most organizations apply various intrusion detection systems (IDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But IDSs produce a huge number of duplicated alerts that overwhelm security operators. Alert aggregation addresses this issue by reducing, fusing and clustering the alerts. Techniques from a range of disciplines have been proposed by researchers for different aspects of aggregation. In this paper we present a comprehensive review of proposed alert aggregation techniques. Our main contribution is to classify the literature based on the techniques applied to aggregate the alerts.


international conference on computer control informatics and its applications | 2014

Handwritten alphabets recognition using twelve directional feature extraction and self organizing maps

Julian Supardi; Intan Anindyana Hapsari; Maheyzah Md Siraj

Recognizing patterns of handwriting has long been identified as a difficult problem that needs to be solved by a computer. The main challenges are handwriting dynamicity and the various forms or shapes of alphabets. Thus, a computer requires several complex processes, which are image processing, feature extraction and alphabet recognition. This research proposes an offline Handwritten Alphabets Recognition (HAR) automated system using Twelve Directional feature extraction and the Self Organizing Maps (SOM) clustering algorithm to effectively recognize the type of alphabets. The proposed HAR system has three components: 1) preprocessing, which consists of grayscale image conversion, binarization and thinning; 2) feature extraction, which is based on twelve directional feature input; and 3) clustering, using the SOM algorithm. Experiments have been conducted on a primary dataset and a secondary dataset from the benchmarked chars74k dataset. The results have shown that it produces encouraging recognition performance with 90% accuracy (for 150 secondary data) and 87.69% (for 150 primary data). This indicates that the proposed system can be an alternative solution to efficiently recognize handwritten alphabets.


soft computing | 2009

Intelligent Alert Clustering Model for Network Intrusion Analysis

Maheyzah Md Siraj; Mohd Aizaini Maarof; Siti Zaiton Mohd Hashim


Archive | 2008

Network intrusion alert correlation challenges and techniques

Maheyzah Md Siraj; Siti Zaiton Mohd Hashim


2017 IEEE Conference on Application, Information and Network Security (AINS) | 2017

Ensemble classifiers for spam review detection

Alhassan J. Ibrahim; Maheyzah Md Siraj; Mazura Mat Din

Collaboration


Top Co-Authors

Mazura Mat Din

Universiti Teknologi Malaysia

Mohd Aizaini Maarof

Universiti Teknologi Malaysia

Anazida Zainal

Universiti Teknologi Malaysia

Norafida Ithnin

Universiti Teknologi Malaysia

Norhazilan Md Noor

Universiti Teknologi Malaysia

Taqwa Ahmed Alhaj

Universiti Teknologi Malaysia

Ahmed Yousuf Jama

Universiti Teknologi Malaysia

Alhassan J. Ibrahim

Universiti Teknologi Malaysia

Azlan Mohd Zain

Universiti Teknologi Malaysia