Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering

Kalu Kumarasinghe; Ilangan Kumarsiri; Harsha Pussewalage; Kapuruka Kumarasinghe; Kushan Liyanage; Yahani Manawadu; Haran Mamankaran

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering

Topics: Intrusion Detection & Prevention; Machine learning applications to data security and privacy; Network Security

In Proceedings of the 22nd International Conference on Security and Cryptography SECRYPT - Volume 1, 682-689, 2025 , Bilbao, Spain

Authors: Kalu Gamage Kavindu Induwara Kumarasinghe ¹ ; Ilangan Pakshage Madhawi Pathum Kumarsiri ¹ ; Harsha Pussewalage ² ; Kapuruka Abarana Gedara Thihara Vilochana Kumarasinghe ¹ ; Kushan Sudheera Kalupahana Liyanage ¹ ; Yahani Pinsara Manawadu ¹ and Haran Mamankaran ³

Affiliations: ¹ University of Ruhuna, Sri Lanka ; ² University of Agder, Norway ; ³ Sysco Labs, Sri Lanka

Keyword(s): Clustering, Cyber Security, Data Mining, Intrusion Detection System, Unsupervised Learning.

Abstract: Network Intrusion Detection Systems (IDS) have evolved significantly over the past two decades to address the growing complexity of network infrastructures and the increasing volume of cyber threats. However, traditional IDS approaches either rely on predefined signatures, which fail to detect zero-day attacks, or use anomaly detection models that suffer from high false alarm rates, overwhelming security analysts with excessive alerts. This paper proposes a data mining and adaptive clustering-based unsupervised approach to efficiently process IDS-generated network alerts, reducing false positives and enhancing threat detection. Relevant alert features are extracted, and advanced data mining techniques are applied to identify frequent patterns, reducing false alerts. Clustering similar patterns further groups alerts from related attacks, thereby reducing the workload of security analysts. This allows analysts to gain a high-level understanding of intrusions without manually reviewing vast numbers of alerts. The approach furthur enhances intrusion detection accuracy and provides actionable insights through alert correlation. The experimental results demonstrate significant improvements in detecting various cyber threats, including DDoS, Botnets, Port-scans, and more. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 216.73.216.157

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Kumarasinghe, K. G. K. I., Kumarsiri, I. P. M. P., Pussewalage, H., Kumarasinghe, K. A. G. T. V., Liyanage, K. S. K., Manawadu, Y. P., Mamankaran and H. (2025). Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering. In Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-760-3; ISSN 2184-7711, SciTePress, pages 682-689. DOI: 10.5220/0013558700003979

@conference{secrypt25,
author={Kalu Gamage Kavindu Induwara Kumarasinghe and Ilangan Pakshage Madhawi Pathum Kumarsiri and Harsha Pussewalage and Kapuruka Abarana Gedara Thihara Vilochana Kumarasinghe and Kushan Sudheera Kalupahana Liyanage and Yahani Pinsara Manawadu and Haran Mamankaran},
title={Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT},
year={2025},
pages={682-689},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013558700003979},
isbn={978-989-758-760-3},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT
TI - Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering
SN - 978-989-758-760-3
IS - 2184-7711
AU - Kumarasinghe, K.
AU - Kumarsiri, I.
AU - Pussewalage, H.
AU - Kumarasinghe, K.
AU - Liyanage, K.
AU - Manawadu, Y.
AU - Mamankaran, H.
PY - 2025
SP - 682
EP - 689
DO - 10.5220/0013558700003979
PB - SciTePress