Conference: Practical applications of intelligent systems

Adaptive False Alarm Filter Using Machine Learning in Intrusion Detection


Abstract

Intrusion detection systems (IDSs) are now widely deployed in organizations as the last line of defense for network security. However, one of the big problems with these systems is that a large number of alarms, especially false alarms, are produced during the detection process, which greatly increases the analysis workload and reduces the effectiveness of detection. To mitigate this problem, we advocate constructing a false alarm filter with machine learning schemes as an effective solution. In this paper, we propose an adaptive false alarm filter that aims to filter out false alarms with the best machine learning algorithm for each distinct network context. In particular, we first compare six specific machine learning schemes to illustrate their unstable performance. Then, we present the architecture of our adaptive false alarm filter. The evaluation results show that our approach is effective and encouraging in real scenarios.