Using Neuro-Fuzzy Approach to Reduce False Positive Alerts

One of the major problems of Intrusion Detection Systems (IDS) at present is the high rate of false alerts they produce. These alerts force human analysts to repeatedly and intensively examine false alerts before they can initiate appropriate actions. We demonstrate the advantages of using a hybrid neuro-fuzzy approach to reduce the number of false alarms. The neuro-fuzzy approach was tested with different background knowledge sets on the DARPA 1999 network traffic dataset and was evaluated against the RIPPER algorithm. The results show that the neuro-fuzzy approach reduces the number of false alarms significantly more than RIPPER does while requiring fewer background knowledge sets.
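To make the classification idea concrete, the following Python block is an added illustration, not the paper's code or its NEFCLASS model: it encodes a small set of "background knowledge" as fuzzy rules over alert features, fires them with min/max fuzzy logic, and measures how many analyst-labelled false positives are suppressed and how many true positives are wrongly suppressed. The feature names (`rate`, `targets`, `priority`), the membership breakpoints, the rules and the sample alerts are all constructed assumptions; ties are deliberately resolved toward keeping the alert, so the classifier never suppresses an alert it is unsure about.

```python
"""Toy fuzzy-rule alert classifier for false-positive reduction.

Added illustration only: the feature set, membership breakpoints and rules
below are assumptions, not the paper's neuro-fuzzy model or its DARPA 1999
background knowledge sets.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    signature: str            # IDS rule that fired (constructed names)
    rate: float               # firings per minute for this signature/source pair
    targets: int              # distinct destination hosts hit by this source
    priority: int             # 1 = high, 3 = low
    is_false_positive: bool   # analyst label, used only by evaluate()


def ramp_up(x, a, b):
    """Membership rising from 0 at x<=a to 1 at x>=b."""
    return max(0.0, min(1.0, (x - a) / (b - a)))


def ramp_down(x, a, b):
    """Membership falling from 1 at x<=a to 0 at x>=b."""
    return 1.0 - ramp_up(x, a, b)


# Linguistic terms per feature (breakpoints are assumed values).
TERMS = {
    "rate":     {"low":  lambda a: ramp_down(a.rate, 1, 10),
                 "high": lambda a: ramp_up(a.rate, 1, 10)},
    "targets":  {"few":  lambda a: ramp_down(a.targets, 1, 5),
                 "many": lambda a: ramp_up(a.targets, 1, 5)},
    "priority": {"high": lambda a: ramp_down(a.priority, 1, 3),
                 "low":  lambda a: ramp_up(a.priority, 1, 3)},
}

# Hypothetical background-knowledge rules: (antecedent, consequent class).
RULES = [
    ({"rate": "high", "priority": "low"}, "fp"),      # noisy low-priority signature
    ({"priority": "low", "targets": "few"}, "fp"),    # isolated low-priority hit
    ({"priority": "high", "targets": "many"}, "tp"),  # high-priority, spread over hosts
    ({"rate": "low", "priority": "high"}, "tp"),      # rare high-priority event
]


def classify(alert):
    """Return (label, fp_score, tp_score); ties are labelled 'tp' so they are never suppressed."""
    scores = {"fp": 0.0, "tp": 0.0}
    for antecedent, consequent in RULES:
        # Fuzzy AND across antecedent terms = minimum membership.
        strength = min(TERMS[f][t](alert) for f, t in antecedent.items())
        # Fuzzy OR across rules for the same class = maximum firing strength.
        scores[consequent] = max(scores[consequent], strength)
    label = "fp" if scores["fp"] > scores["tp"] else "tp"
    return label, scores["fp"], scores["tp"]


def evaluate(alerts):
    """Return (suppressed false positives, total false positives, wrongly suppressed true positives)."""
    suppressed_fp = suppressed_tp = total_fp = 0
    for a in alerts:
        label, _, _ = classify(a)
        total_fp += int(a.is_false_positive)
        if label == "fp":
            if a.is_false_positive:
                suppressed_fp += 1
            else:
                suppressed_tp += 1
    return suppressed_fp, total_fp, suppressed_tp


# Constructed sample alerts with analyst labels.
SAMPLE = [
    Alert("snmp-public-community", 30.0, 1, 3, True),
    Alert("icmp-ping-sweep", 6.0, 20, 3, True),
    Alert("web-cmd-exec", 0.5, 1, 1, False),
    Alert("tcp-syn-scan", 12.0, 50, 2, False),
    Alert("snmp-public-community", 2.0, 3, 3, True),
    Alert("ftp-format-string", 0.2, 1, 1, False),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a.signature, classify(a))
    print("suppressed FP / total FP / suppressed TP:", evaluate(SAMPLE))
```

On the constructed sample all three labelled false positives are suppressed and no true positive is lost; the `tcp-syn-scan` alert fires one rule for each class with equal strength and is kept by the tie rule. In the paper's setting the rule base and memberships would be learned from training alerts rather than written by hand, which is what distinguishes a neuro-fuzzy system from this fixed rule set.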