Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems

摘要

To protect assets and resources from being hacked, intrusion detection systems are widely implemented in organizations around the world. However, false alarms are one challenging issue for such systems, which would significantly degrade the effectiveness of detection and greatly increase the burden of analysis. To solve this problem, building an intelligent false alarm filter using machine learning classifiers is considered as one promising solution, where an appropriate algorithm can be selected in an adaptive way in order to maintain the filtration accuracy. By means of cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, whereas it could cause communication delay and increase additional burden. In this work, motivated by the advent of edge computing, we propose a framework to improve the intelligent false alarm reduction for DIDS based on edge computing devices. Our framework can provide energy efficiency as the data can be processed at the edge for shorter response time. The evaluation results demonstrate that our framework can help reduce the workload for the central server and the delay as compared to the similar studies.