Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering
Kalu Gamage Kavindu Induwara Kumarasinghe, Ilangan Pakshage Madhawi Pathum Kumarsiri, Harsha Pussewalage, Kapuruka Abarana Gedara Thihara Vilochana Kumarasinghe, Kushan Sudheera Kalupahana Liyanage, Yahani Pinsara Manawadu, Haran Mamankaran
2025
Abstract
Network Intrusion Detection Systems (IDS) have evolved significantly over the past two decades to address the growing complexity of network infrastructures and the increasing volume of cyber threats. However, traditional IDS approaches either rely on predefined signatures, which fail to detect zero-day attacks, or use anomaly detection models that suffer from high false alarm rates, overwhelming security analysts with excessive alerts. This paper proposes a data mining and adaptive clustering-based unsupervised approach to efficiently process IDS-generated network alerts, reducing false positives and enhancing threat detection. Relevant alert features are extracted, and advanced data mining techniques are applied to identify frequent patterns, reducing false alerts. Clustering similar patterns further groups alerts from related attacks, thereby reducing the workload of security analysts. This allows analysts to gain a high-level understanding of intrusions without manually reviewing vast numbers of alerts. The approach further enhances intrusion detection accuracy and provides actionable insights through alert correlation. The experimental results demonstrate significant improvements in detecting various cyber threats, including DDoS, Botnets, Port-scans, and more.
in Harvard Style
Kumarasinghe K., Kumarsiri I., Pussewalage H., Kumarasinghe K., Liyanage K., Manawadu Y. and Mamankaran H. (2025). Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 682-689. DOI: 10.5220/0013558700003979
in Bibtex Style
@conference{secrypt25,
author={Kalu Kumarasinghe and Ilangan Kumarsiri and Harsha Pussewalage and Kapuruka Kumarasinghe and Kushan Liyanage and Yahani Manawadu and Haran Mamankaran},
title={Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={682-689},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013558700003979},
isbn={978-989-758-760-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Efficient Post-Processing of Intrusion Detection Alerts Using Data Mining and Clustering
SN - 978-989-758-760-3
AU - Kumarasinghe K.
AU - Kumarsiri I.
AU - Pussewalage H.
AU - Kumarasinghe K.
AU - Liyanage K.
AU - Manawadu Y.
AU - Mamankaran H.
PY - 2025
SP - 682
EP - 689
DO - 10.5220/0013558700003979
PB - SciTePress