Enhancing False Alarm Reduction Using Voted Ensemble Selection in Intrusion Detection

Abstract: Network intrusion detection systems (NIDSs) have become an indispensable component of current network security infrastructure. However, the large number of alarms they raise, false alarms in particular, is a serious problem: it greatly lowers the effectiveness of NIDSs and increases the analysis workload. To address this problem, many intelligent methods (e.g., machine learning algorithms) have been proposed to reduce the number of false alarms, but it is hard to determine which one is best. We argue that the performance of different machine learning algorithms fluctuates considerably across contexts (e.g., training data). In this paper, we propose an architecture for an intelligent false alarm filter that employs voted ensemble selection, aiming to maintain the accuracy of false alarm reduction. The architecture has four components: data standardization, data storage, voted ensemble selection and alarm filtration. In the experiment, we condu...
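The following is an added worked example, not code from the paper or its authors, showing how the voted ensemble selection step can sit between a library of alarm classifiers and the alarm filtration step. It assumes alarms already standardized into three constructed fields (priority, internal-source flag, hit count), a small model library of single-feature decision stumps plus a 3-nearest-neighbour classifier trained on a constructed labelled set, and a simplified greedy forward selection without replacement (a reduced form of the ensemble selection of Caruana et al.) scored by majority-vote accuracy on a held-out validation set. Ties in the vote keep the alarm, so the filter errs toward showing an analyst a suspect alarm rather than silently dropping it.

```python
"""Voted ensemble selection for NIDS false-alarm filtering (added illustration)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

FEATURES = ("priority", "internal", "hits")   # standardized alarm fields (constructed)
Alarm = tuple[int, int, int]                   # (priority 1=high..3=low, internal src 0/1, hits)

# Constructed labelled alarms: label 1 = true alarm, 0 = false alarm. Labels follow
# "at least two of: priority==1, external source, hits>=8", so no single feature
# separates them, but a vote over single-feature rules does.
TRAIN = [((1, 0, 1), 1), ((1, 1, 9), 1), ((1, 0, 8), 1), ((2, 0, 9), 1), ((3, 0, 8), 1),
         ((1, 1, 3), 0), ((2, 0, 2), 0), ((3, 1, 9), 0), ((3, 1, 1), 0), ((2, 1, 6), 0),
         ((3, 0, 3), 0), ((2, 1, 8), 0)]
VALID = [((1, 0, 9), 1), ((1, 1, 8), 1), ((2, 0, 8), 1), ((1, 0, 2), 1),
         ((2, 1, 9), 0), ((3, 0, 2), 0), ((1, 1, 4), 0), ((3, 1, 6), 0)]
# Constructed incoming alarms (id, features) that the filter must pass or drop.
INCOMING = [("a1", (1, 0, 3)), ("a2", (3, 1, 2)), ("a3", (2, 0, 9)),
            ("a4", (1, 1, 5)), ("a5", (3, 0, 8))]


@dataclass
class Model:
    name: str
    predict: Callable[[Alarm], int]


def train_stump(data, f) -> Model:
    """Best single-feature threshold rule on feature index f (a one-split decision tree)."""
    best = (-1.0, None, None)
    for t in sorted({x[f] for x, _ in data}):
        for sign in (1, -1):                       # sign>0: x>=t, sign<0: x<=t
            acc = sum((1 if sign * (x[f] - t) >= 0 else 0) == y for x, y in data) / len(data)
            if acc > best[0]:
                best = (acc, t, sign)
    _, t, sign = best
    op = ">=" if sign > 0 else "<="
    return Model(f"{FEATURES[f]}{op}{t}",
                 lambda x, t=t, s=sign: 1 if s * (x[f] - t) >= 0 else 0)


def train_knn(data, k=3) -> Model:
    """k-nearest-neighbour classifier; sort is stable, so distance ties keep training order."""
    def predict(x):
        order = sorted(range(len(data)),
                       key=lambda j: sum((a - b) ** 2 for a, b in zip(x, data[j][0])))
        votes = sum(data[j][1] for j in order[:k])
        return 1 if 2 * votes >= k else 0
    return Model(f"{k}-nn", predict)


def vote(models, x) -> int:
    """Majority vote of the ensemble; a tie keeps the alarm (treated as true)."""
    ones = sum(m.predict(x) for m in models)
    return 1 if 2 * ones >= len(models) else 0


def accuracy(models, data) -> float:
    return sum(vote(models, x) == y for x, y in data) / len(data)


def select_ensemble(library, valid):
    """Greedy forward selection without replacement: start from the best single model,
    keep adding the model whose addition gives the highest voted validation accuracy,
    and return the best ensemble seen along the way."""
    remaining = list(library)
    start = max(remaining, key=lambda m: accuracy([m], valid))
    remaining.remove(start)
    ensemble, best, best_acc = [start], [start], accuracy([start], valid)
    while remaining:
        cand = max(remaining, key=lambda m: accuracy(ensemble + [m], valid))
        remaining.remove(cand)
        ensemble = ensemble + [cand]
        acc = accuracy(ensemble, valid)
        if acc > best_acc:
            best, best_acc = list(ensemble), acc
    return best, best_acc


def filter_alarms(models, alarms):
    """Alarm filtration: pass on only the alarms the voted ensemble labels as true."""
    return [(aid, x) for aid, x in alarms if vote(models, x) == 1]


def build_library(train):
    """Model library: one stump per standardized feature plus a 3-NN classifier."""
    return [train_stump(train, f) for f in range(len(FEATURES))] + [train_knn(train)]


def demo():
    lib = build_library(TRAIN)
    chosen, acc = select_ensemble(lib, VALID)
    kept = filter_alarms(chosen, INCOMING)
    return [m.name for m in chosen], acc, [aid for aid, _ in kept]


if __name__ == "__main__":
    names, acc, kept = demo()
    print("selected ensemble:", names, "validation accuracy:", acc)
    print("alarms passed to the analyst:", kept)
```

On this constructed data every single model reaches only 0.75 validation accuracy, while the selected three-stump vote reaches 1.0 and drops two of the five incoming alarms; re-running the selection whenever the stored labelled alarms change is what lets the filter adapt to a new context instead of committing to one fixed algorithm.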
