A hybrid approach to reducing the false positive rate in unsupervised machine learning intrusion detection

摘要

Network intrusion detection aims to uncover unauthorized access to computer networks. Anomaly intrusion detection uses unsupervised learning to detect attacks based on profiles of normal user behaviors. If the system is being used differently, it triggers an alarm. Current methods of intrusion detection are unable to produce alerts without a high number of false positives. The proposed research will utilize a set of artificial intelligence machine learning methods to decrease the number of false positives in anomalous intrusion detection data. This method combines data clustering using the simple K-means algorithm, feature selection that employs the J48 Decision Tree algorithm, and self organizing maps to effectively reduce false positives using the KDD CUP 99 data set.