APPLICATION OF CLUSTER ANALYSIS TECHNIQUES IN INTRUSION DETECTION SYSTEMS

  • Veselina Jecheva
  • Evgenia Nikolova
Keywords: information security, cluster analysis, intrusion detection systems

Abstract

This paper presents applications of cluster analysis techniques for building an intrusion detection system that performs behavioural analysis. K-means clustering is applied to partition and classify the data on the actions performed in the monitored system, so that the actions resulting from violations of the security policy are identified.
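As an added illustration of the approach the abstract describes (not code from the paper), the following applies K-means to constructed per-session behaviour profiles and reports the sessions that do not fit any learned behaviour class; the feature set, the farthest-first seeding and both flagging thresholds are assumptions made for this example.

```python
import math

# Constructed per-session behaviour profiles, not data from the paper:
# (syscalls per second, distinct files touched, failed logins, outbound connections)
SESSIONS = [
    (12, 3, 0, 1), (14, 4, 0, 1), (11, 2, 0, 2), (13, 3, 1, 1), (15, 4, 0, 1),  # interactive users
    (40, 20, 0, 3), (42, 22, 1, 3), (38, 19, 0, 2), (41, 21, 0, 3),            # build jobs
    (13, 3, 25, 1),   # user-like session with a burst of failed logins
    (90, 60, 2, 40),  # mass file access combined with many outbound connections
]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def init_centroids(points, k):
    # Farthest-first seeding is deterministic, and isolated sessions tend to become
    # their own centroid, which the small-cluster rule in flag_anomalies relies on.
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    return centroids

def kmeans(points, k, iters=100):
    centroids = init_centroids(points, k)
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            new.append(tuple(sum(v) / len(members) for v in zip(*members)) if members else centroids[j])
        if new == centroids:  # assignments stable, centroids no longer move
            break
        centroids = new
    return centroids, labels

def flag_anomalies(points, k=3, min_cluster=3, ratio=3.0):
    # Two assumed rules (not from the paper): a cluster with fewer than min_cluster
    # members is not a behaviour class, and a member farther from its centroid than
    # ratio * the cluster's median distance does not fit the class it was assigned to.
    centroids, labels = kmeans(points, k)
    flagged = set()
    for j in range(k):
        idx = [i for i, l in enumerate(labels) if l == j]
        if len(idx) < min_cluster:
            flagged.update(idx)
            continue
        d = sorted((dist(points[i], centroids[j]), i) for i in idx)
        median = (d[len(d) // 2][0] + d[(len(d) - 1) // 2][0]) / 2
        flagged.update(i for di, i in d if di > ratio * median)
    return sorted(flagged)  # SESSIONS -> [9, 10]
```

On the constructed data the two regular behaviour classes (interactive users, build jobs) are kept, while the failed-login burst is flagged as an outlier inside its class and the mass-access session ends up alone in a cluster too small to be a class.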

Published
2018-05-16
How to cite
Jecheva, V., & Nikolova, E. (2018). Application of cluster analysis techniques in intrusion detection systems. КОМПЮТЪРНИ НАУКИ И КОМУНИКАЦИИ (Computer Science and Communications), 1(1), 42-47. Retrieved from https://csc.bfu.bg/index.php/CSC/article/view/28
Section
Computer Science and Communications - peer-reviewed publications. ISSN: 1314-7846
