Abstract
Unauthorised accesses into computers are serious cyber warfare across the globe. Consequently, an intrusion detector is used for network forensics to maximally detect and report intrusions. The toolkit is generally designed to log tons of unauthorised activities with their respective attributes to assist in-depth analyses of the events. Unfortunately, there are several ways to cluster intrusive alerts. Besides, trade-offs between intra-cluster similarity and inter-cluster dissimilarity are difficult to discriminate failed attacks from successful attacks because the probabilities that some attacks will fail are often neglected during the investigations of audit logs. Consequently, the goodness of clusters of failed attacks is mismatched with that of successful attacks and accurate countermeasures are not often achieved. Therefore, this paper presents a partitioning clustering algorithm for reducing aforementioned problems. The model was evaluated using information gain and the results obtained demonstrated splitting criteria that best discriminate failed attacks in intrusion logs.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Internet Technology and Secured Transactions
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
