TY - GEN
T1 - A GA-based solution to an NP-hard problem of clustering security events
AU - Wang, Jianxin
AU - Wang, Hongzhou
AU - Zhao, Geng
PY - 2006
Y1 - 2006
N2 - The clustering approach put forward by Klaus Julisch is considerably effective in eliminating false positives and finding root causes among a huge number of security events. But the clustering problem was proved, unfortunately, to be an NP-hard one. In this paper, a GA-based algorithm is put forward which is much more effective than the original approximation algorithm by Julisch. The coding scheme and the genetic operations, including selection, crossover, and mutation, are discussed in detail. To validate the quality of the newly proposed approach, a tree-version apriori is given, which is quite time-consuming but able to produce an absolutely accurate solution, used for comparison, in a feasible period of time. The results show that the GA-based algorithm is valid and efficient and can find optimal clusters that are very similar to the absolutely accurate ones.
AB - The clustering approach put forward by Klaus Julisch is considerably effective in eliminating false positives and finding root causes among a huge number of security events. But the clustering problem was proved, unfortunately, to be an NP-hard one. In this paper, a GA-based algorithm is put forward which is much more effective than the original approximation algorithm by Julisch. The coding scheme and the genetic operations, including selection, crossover, and mutation, are discussed in detail. To validate the quality of the newly proposed approach, a tree-version apriori is given, which is quite time-consuming but able to produce an absolutely accurate solution, used for comparison, in a feasible period of time. The results show that the GA-based algorithm is valid and efficient and can find optimal clusters that are very similar to the absolutely accurate ones.
UR - http://www.scopus.com/inward/record.url?scp=39749103388&partnerID=8YFLogxK
U2 - 10.1109/ICCCAS.2006.284911
DO - 10.1109/ICCCAS.2006.284911
M3 - Conference contribution
AN - SCOPUS:39749103388
SN - 0780395840
SN - 9780780395848
T3 - 2006 International Conference on Communications, Circuits and Systems, ICCCAS, Proceedings
SP - 2093
EP - 2097
BT - 2006 International Conference on Communications, Circuits and Systems, ICCCAS, Proceedings - Computer, Optical and Broadband Communications, Computational Intelligence
T2 - 2006 International Conference on Communications, Circuits and Systems, ICCCAS
Y2 - 25 June 2006 through 28 June 2006
ER -