Network Intrusion Alert Aggregation Based on PCA and Expectation Maximization Clustering Algorithm
Most organizations deploy a variety of security sensors to improve information security and assurance. A popular choice is the Network Intrusion Detection System (NIDS). Unfortunately, NIDSs trigger a massive number of alerts, even within a single day, and overwhelm security analysts. Worse, a large share of these alerts are false positives, redundant warnings for the same attack, or notifications triggered by erroneous activity. Such low-quality alerts hinder alert analysis. To address this, the authors propose an alert aggregation model based on principal component analysis (PCA) and the expectation maximization (EM) clustering algorithm. Their empirical results show that the proposed model effectively clusters NIDS alerts and significantly reduces the alert volume.
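As an added illustration of the approach named in the title (not code from the paper), the following pure-Python pipeline projects constructed alert feature vectors onto the first principal component and groups the projections with a one-dimensional Gaussian-mixture EM, so that twelve raw alerts collapse into three aggregated ones. The alert fields, their scaling, the number of clusters and the EM initialisation are assumptions; the paper's actual feature set and model details are not given here.

```python
import math

# Constructed NIDS alerts (not from the paper): three attacks, four alerts each, differing within an attack only by the attacking host's last octet.
ATTACKS = [(2001, 22, 1), (3001, 80, 2), (4001, 3306, 3)]  # (signature id, dst port, severity)
ALERTS = [{"sig": s, "port": p, "sev": v, "src": 10 * i + j}
          for i, (s, p, v) in enumerate(ATTACKS, 1) for j in range(4)]

def features(a):
    """Numeric feature vector, scaled so no single field dominates the covariance (assumed scaling)."""
    return [a["sig"] / 1000, a["port"] / 1000, float(a["sev"]), a["src"] / 255]

def pca_project(X, iters=200):
    """Project rows of X onto the first principal component (power iteration on the covariance matrix)."""
    n, d = len(X), len(X[0])
    mean = [sum(r[j] for r in X) / n for j in range(d)]
    C = [[x - m for x, m in zip(r, mean)] for r in X]
    cov = [[sum(r[i] * r[j] for r in C) / n for j in range(d)] for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
        v = [x / math.sqrt(sum(y * y for y in w)) for x in w]
    return [sum(r[j] * v[j] for j in range(d)) for r in C]

def em_cluster(z, k, iters=100):
    """Fit a k-component 1-D Gaussian mixture with EM; return each point's most likely component."""
    zs = sorted(z)
    mu = [zs[i * len(z) // k] for i in range(k)]                    # one initial mean per quantile
    var = [max(((zs[-1] - zs[0]) / (10 * k)) ** 2, 1e-4)] * k       # tight start: one attack's alerts are near-identical
    pi = [1.0 / k] * k
    for _ in range(iters):
        R = []                                                       # E-step: responsibilities
        for x in z:
            p = [pi[j] * math.exp(-(x - mu[j]) ** 2 / (2 * var[j])) / math.sqrt(2 * math.pi * var[j])
                 for j in range(k)]
            s = sum(p) or 1e-300
            R.append([q / s for q in p])
        for j in range(k):                                           # M-step: weights, means, floored variances
            nj = sum(r[j] for r in R) + 1e-12
            mu[j] = sum(r[j] * x for r, x in zip(R, z)) / nj
            var[j] = max(sum(r[j] * (x - mu[j]) ** 2 for r, x in zip(R, z)) / nj, 1e-4)
            pi[j] = nj / len(z)
    return [max(range(k), key=lambda j: r[j]) for r in R]

def aggregate(alerts, k=3):
    """Aggregate raw alerts into k groups: PCA projection, then EM clustering; returns label -> alerts."""
    labels = em_cluster(pca_project([features(a) for a in alerts]), k)
    groups = {}
    for a, lab in zip(alerts, labels):
        groups.setdefault(lab, []).append(a)
    return groups
```

Calling `aggregate(ALERTS)` yields three groups, one per signature, so the analyst sees 3 aggregated alerts instead of 12.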