Abstract

With the increasing use of computer systems and computer networks, intrusion detection has become an important problem in network security. In this paper, we discuss approaches that simplify the network administrator's work. We apply clustering methods to security incident profiling, considering the K-means, PAM, and CLARA clustering algorithms. For this purpose, we use data collected in the Warden system from various security tools. We do not aim to differentiate between normal and abnormal network traffic; instead, we focus on grouping similar threat agents based on the attributes of security events. We present a case of fine classification and a case of coarse classification and discuss the advantages of each.
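As an added illustration of the approach described in the abstract (this is example code written for this page, not the paper's own implementation), the block below profiles security events with PAM (k-medoids) and contrasts a coarse clustering (k=2) with a finer one (k=3). The event records, their attribute names (`category`, `port`, `conn_count`, `target_count`) and the Gower-style distance over mixed categorical and log-scaled numeric attributes are assumptions made for the example; the paper does not state on this page which Warden attributes or distance it used.

```python
"""Profiling security events with k-medoids (PAM) over mixed attributes.

Added example, not the paper's code. Groups constructed Warden-style events
by a Gower-style distance on category, target port and log-scaled counts,
then compares a coarse (k=2) and a fine (k=3) partition of the same events.
"""
import math
from itertools import combinations

# Constructed sample events (not real Warden data). The field names are an
# assumption for this example, not the exact Warden/IDEA schema.
EVENTS = [
    {"id": "A", "category": "Recon.Scanning",  "port": 22,   "conn_count": 5000, "target_count": 400},
    {"id": "B", "category": "Recon.Scanning",  "port": 23,   "conn_count": 8000, "target_count": 600},
    {"id": "C", "category": "Recon.Scanning",  "port": 445,  "conn_count": 3000, "target_count": 250},
    {"id": "D", "category": "Attempt.Login",   "port": 22,   "conn_count": 300,  "target_count": 1},
    {"id": "E", "category": "Attempt.Login",   "port": 22,   "conn_count": 450,  "target_count": 2},
    {"id": "F", "category": "Attempt.Login",   "port": 3389, "conn_count": 200,  "target_count": 1},
    {"id": "G", "category": "Attempt.Exploit", "port": 80,   "conn_count": 20,   "target_count": 3},
    {"id": "H", "category": "Attempt.Exploit", "port": 443,  "conn_count": 15,   "target_count": 2},
]
CATEGORICAL = ("category", "port")
NUMERIC = ("conn_count", "target_count")   # heavy-tailed counts: compare on log10 scale


def gower_matrix(events):
    """Pairwise Gower distance: mean of per-attribute dissimilarities in [0, 1].

    Categorical attributes contribute 0 (equal) or 1 (different); numeric
    attributes contribute |log10 a - log10 b| divided by the attribute's range.
    """
    logs = {f: [math.log10(e[f]) for e in events] for f in NUMERIC}
    ranges = {f: (max(v) - min(v)) or 1.0 for f, v in logs.items()}
    n = len(events)
    dist = [[0.0] * n for _ in range(n)]
    for i, j in combinations(range(n), 2):
        parts = [0.0 if events[i][f] == events[j][f] else 1.0 for f in CATEGORICAL]
        parts += [abs(logs[f][i] - logs[f][j]) / ranges[f] for f in NUMERIC]
        dist[i][j] = dist[j][i] = sum(parts) / len(parts)
    return dist


def total_cost(dist, medoids):
    """Sum over all points of the distance to the nearest medoid."""
    return sum(min(dist[i][m] for m in medoids) for i in range(len(dist)))


def pam(dist, k):
    """Classic PAM: greedy BUILD phase, then best-improvement SWAP phase."""
    n = len(dist)
    medoids = []
    while len(medoids) < k:                       # BUILD
        best = min((i for i in range(n) if i not in medoids),
                   key=lambda i: total_cost(dist, medoids + [i]))
        medoids.append(best)
    cost = total_cost(dist, medoids)
    while True:                                   # SWAP until no improvement
        best = None
        for mi in range(k):
            for h in range(n):
                if h in medoids:
                    continue
                trial = medoids[:mi] + [h] + medoids[mi + 1:]
                c = total_cost(dist, trial)
                if c < cost - 1e-12 and (best is None or c < best[0]):
                    best = (c, trial)
        if best is None:
            return sorted(medoids)
        cost, medoids = best


def clusters(events, k):
    """Return the clustering as a sorted list of sorted event-id lists."""
    dist = gower_matrix(events)
    medoids = pam(dist, k)
    groups = {m: [] for m in medoids}
    for i, e in enumerate(events):
        groups[min(medoids, key=lambda m: dist[i][m])].append(e["id"])
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for k in (2, 3):
        print(f"k={k} ({'coarse' if k == 2 else 'fine'}):", clusters(EVENTS, k))
```

On this constructed data the coarse run (k=2) separates the wide scanning agents from everything else, while the fine run (k=3) additionally splits login attempts from exploit attempts; which granularity is more useful depends on whether the administrator wants a short list of threat-agent types or groups that map to distinct responses. CLARA differs from PAM only in running the same procedure on random subsamples, so the same distance and cost functions apply.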

Highlights

  • In the information age, networks, network services, and network users face cyber threats such as malware, data breaches, phishing, and social engineering

  • We introduce the main ideas behind the K-means, PAM, and CLARA clustering methods

  • We discuss an application of clustering algorithms to security event profiling

Introduction

With the rapid development of the information age, networks, network services, and network users face cyber threats such as malware, data breaches, phishing, and social engineering. These threats must be identified before organizations or users lose data or reputation. The task of any administrator of network services is to monitor, collect, and analyse network traffic, users' activities, and system logs. These activities have become fundamental to guarding against cyber threats, and they form part of the measures that ensure the integrity, availability, and confidentiality of networks, network services, and network users.
