A GA-based solution to an NP-hard problem of clustering security events

Jianxin Wang*, Hongzhou Wang, Geng Zhao

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Citations (Scopus)

Abstract

The clustering approach proposed by Klaus Julisch is considerably effective at eliminating false positives and finding root causes among huge volumes of security events. Unfortunately, the clustering problem was proved to be NP-hard. In this paper, a GA-based algorithm is proposed that is much more effective than Julisch's original approximation algorithm. The coding scheme and the genetic operations, including selection, crossover, and mutation, are discussed in detail. To validate the quality of the newly proposed approach, a tree-based version of Apriori is given; it is quite time-consuming but produces exactly accurate solutions, usable for comparison, within a feasible period of time. The results show that the GA-based algorithm is valid and efficient and can find optimal clusters that are very similar to the exactly accurate ones.

Original language: English
Title of host publication: 2006 International Conference on Communications, Circuits and Systems, ICCCAS, Proceedings - Computer, Optical and Broadband Communications, Computational Intelligence
Pages: 2093-2097
Number of pages: 5
DOIs
Publication status: Published - 2006
Event: 2006 International Conference on Communications, Circuits and Systems, ICCCAS - Guilin, China
Duration: 25 Jun 2006 to 28 Jun 2006

Publication series

Name: 2006 International Conference on Communications, Circuits and Systems, ICCCAS, Proceedings
Volume: 3

Conference

Conference: 2006 International Conference on Communications, Circuits and Systems, ICCCAS
Country/Territory: China
City: Guilin
Period: 25/06/06 to 28/06/06
