Generating security event correlation rules through k-means clustering


Current implementations of intrusion detection systems (IDSs) have two drawbacks: 1) they normally generate far too many false positives, overloading human operators to such an extent that they can not respond effectively to the real alerts; 2) depending on the proportion of genuine attacks within the total network traffic, an IDS may never be effective… (More)


1 Figure or Table

Slides referencing similar topics