A SVM-based IDS Alarms Filtering Method

Existing intrusion detection systems (IDS) suffer from high false alarm rates. This paper proposes an IDS alarm filtering method based on the support vector machine (SVM). The method has two parts: model training and data prediction. Model training consists of parsing the command-line parameters, reading the training samples, selecting an appropriate penalty coefficient, kernel function and kernel parameter, counting the sample types and the number of samples of each type, grouping the training samples, and training a C-SVM classifier model with the sequential minimal optimization (SMO) algorithm. Data prediction consists of reading the alarm data and computing the decision value of each alarm with the trained C-SVM classifier model. Theoretical analysis and experimental data show that, with a reasonable choice of kernel function, kernel parameters and training data set, the method effectively reduces the false alarm rate of the intrusion detection system.
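As an added illustration, not code from the paper, the two phases described above in pure Python: a C-SVM trained with a simplified form of Platt's SMO on a constructed alarm training set, then used to label new alarms by the sign of their decision value. The three alarm features (severity, repeat rate, whether the targeted service is live), the penalty coefficient C and the RBF kernel parameter gamma are assumptions chosen for the example.

```python
import math, random

def rbf_kernel(gamma):
    """Gaussian kernel; gamma is the kernel parameter the paper says must be chosen well."""
    return lambda a, b: math.exp(-gamma * sum((p - q) ** 2 for p, q in zip(a, b)))
def train_c_svm(X, y, C, kernel, tol=1e-3, max_passes=30, seed=0):
    """Simplified SMO (after Platt): returns the multipliers alpha and bias b of a C-SVM."""
    n = len(X)
    K = [[kernel(X[i], X[j]) for j in range(n)] for i in range(n)]  # kernel matrix
    alpha, b, rng, passes = [0.0] * n, 0.0, random.Random(seed), 0
    f = lambda i: sum(alpha[k] * y[k] * K[i][k] for k in range(n)) + b  # current output
    while passes < max_passes:
        changed = 0
        for i in range(n):
            Ei = f(i) - y[i]
            if not ((y[i] * Ei < -tol and alpha[i] < C) or (y[i] * Ei > tol and alpha[i] > 0)):
                continue  # alpha_i already satisfies the KKT conditions
            j = rng.choice([k for k in range(n) if k != i])  # second multiplier
            Ej, ai, aj = f(j) - y[j], alpha[i], alpha[j]
            if y[i] != y[j]:
                L, H = max(0.0, aj - ai), min(C, C + aj - ai)
            else:
                L, H = max(0.0, ai + aj - C), min(C, ai + aj)
            eta = 2 * K[i][j] - K[i][i] - K[j][j]
            if L == H or eta >= 0:
                continue
            alpha[j] = min(H, max(L, aj - y[j] * (Ei - Ej) / eta))  # clipped to [L, H]
            if abs(alpha[j] - aj) < 1e-5:
                continue
            alpha[i] = ai + y[i] * y[j] * (aj - alpha[j])
            b1 = b - Ei - y[i] * (alpha[i] - ai) * K[i][i] - y[j] * (alpha[j] - aj) * K[i][j]
            b2 = b - Ej - y[i] * (alpha[i] - ai) * K[i][j] - y[j] * (alpha[j] - aj) * K[j][j]
            b = b1 if 0 < alpha[i] < C else b2 if 0 < alpha[j] < C else (b1 + b2) / 2
            changed += 1
        passes = passes + 1 if changed == 0 else 0
    return alpha, b
def decision_value(x, X, y, alpha, b, kernel):
    """Positive value: keep the alarm (true positive); negative: filter it (false alarm)."""
    return sum(alpha[k] * y[k] * kernel(x, X[k]) for k in range(len(X))) + b
# Constructed training set (assumption, not the paper's data): [severity, repeats, live service]
ALARMS = [[0.9, 0.8, 1], [0.8, 0.7, 1], [0.7, 0.9, 1], [1.0, 0.6, 1], [0.8, 0.9, 1],
          [0.2, 0.1, 0], [0.1, 0.2, 1], [0.1, 0.3, 0], [0.3, 0.1, 0], [0.2, 0.2, 1]]
LABELS = [1, 1, 1, 1, 1, -1, -1, -1, -1, -1]  # +1 true alarm, -1 false alarm
def filter_alarms(alarms, C=1.0, gamma=1.0):
    """Train on ALARMS/LABELS, then label each new alarm by the sign of its decision value."""
    k = rbf_kernel(gamma)
    alpha, b = train_c_svm(ALARMS, LABELS, C, k)
    return [1 if decision_value(a, ALARMS, LABELS, alpha, b, k) > 0 else -1 for a in alarms]
```

Alarms whose decision value is negative are the ones the filter drops; tuning C and gamma on a held-out set, as the paper stresses, decides how aggressively that happens.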
