Abstract
Snort is one of open source IDS to detect intrusion or potentially malicious activity on network traffic. Snort will give alert for every detected intrusion and write the alerts in log. Log data in IDS Snort will help network administrator to analyze the vulnerability of network security system. Clustering algorithm such as FCM can be used to analyze the log data of IDS Snort. Implementation of the algorithm is based on Python 3 and aims to cluster alerts in log data into 4 risk categories, such as low, medium, high, and critical. The outcome of this analysis is to show cluster results of FCM and to visualize the types of attacks that IDS Snort has successfully detected. Evaluation process is done by using Modified Partition Coefficient (MPC) to determine the validity of FCM.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have