Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm

Yuxin Meng; Lam-For Kwok

doi:10.4018/978-1-4666-4514-1.ch008

Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm

City University of Hong Kong

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 12 - Chapter in an edited book (Author) › peer-review

Abstract

Intrusion Detection Systems (IDSs) have been widely implemented in various network environments as an essential component for current Information and Communications Technologies (ICT). However, false alarms are a big problem for these systems, in which a large number of IDS alarms, especially false positives, could be generated during their detection. This issue greatly decreases the effectiveness and the efficiency of an IDS and heavily increases the burden on analyzing real alarms. To mitigate this problem, in this chapter, the authors identify and analyze the reasons for causing this problem, present a survey through reviewing some related work in the aspect of false alarm reduction, and introduce a promising solution of constructing an intelligent false alarm filter to refine false alarms for an IDS.

Original language	English
Title of host publication	Architectures and Protocols for Secure Information Technology Infrastructures
Editors	Antonio Ruiz Martínez, Fernando Pereniguez Garcia, Rafael Marin-Lopez
Place of Publication	Hershey PA
Publisher	IGI Global Publishing
Pages	214-236
ISBN (Electronic)	9781466645158, 1466645156
ISBN (Print)	9781466645141, 1466645148, 9781466645165, 1466645164
DOIs	https://doi.org/10.4018/978-1-4666-4514-1.ch008
Publication status	Published - 30 Sept 2013

Access Output

10.4018/978-1-4666-4514-1.ch008

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Meng, Y., & Kwok, L.-F. (2013). Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm. In A. R. Martínez, F. P. Garcia, & R. Marin-Lopez (Eds.), Architectures and Protocols for Secure Information Technology Infrastructures (pp. 214-236). Article 8 IGI Global Publishing. https://doi.org/10.4018/978-1-4666-4514-1.ch008

Meng, Yuxin ; Kwok, Lam-For. / Enhancing intrusion detection systems using intelligent false alarm filter : Selecting the best machine learning algorithm. Architectures and Protocols for Secure Information Technology Infrastructures. editor / Antonio Ruiz Martínez ; Fernando Pereniguez Garcia ; Rafael Marin-Lopez. Hershey PA : IGI Global Publishing, 2013. pp. 214-236

@inbook{392a965c362344cfa5ecbfb8e8a65644,

title = "Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm",

abstract = "Intrusion Detection Systems (IDSs) have been widely implemented in various network environments as an essential component for current Information and Communications Technologies (ICT). However, false alarms are a big problem for these systems, in which a large number of IDS alarms, especially false positives, could be generated during their detection. This issue greatly decreases the effectiveness and the efficiency of an IDS and heavily increases the burden on analyzing real alarms. To mitigate this problem, in this chapter, the authors identify and analyze the reasons for causing this problem, present a survey through reviewing some related work in the aspect of false alarm reduction, and introduce a promising solution of constructing an intelligent false alarm filter to refine false alarms for an IDS.",

author = "Yuxin Meng and Lam-For Kwok",

year = "2013",

month = sep,

day = "30",

doi = "10.4018/978-1-4666-4514-1.ch008",

language = "English",

isbn = "9781466645141",

pages = "214--236",

editor = "Mart{\'i}nez, {Antonio Ruiz} and Garcia, {Fernando Pereniguez} and Rafael Marin-Lopez",

booktitle = "Architectures and Protocols for Secure Information Technology Infrastructures",

publisher = "IGI Global Publishing",

address = "United States",

}

Meng, Y & Kwok, L-F 2013, Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm. in AR Martínez, FP Garcia & R Marin-Lopez (eds), Architectures and Protocols for Secure Information Technology Infrastructures., 8, IGI Global Publishing, Hershey PA, pp. 214-236. https://doi.org/10.4018/978-1-4666-4514-1.ch008

Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm. / Meng, Yuxin; Kwok, Lam-For.
Architectures and Protocols for Secure Information Technology Infrastructures. ed. / Antonio Ruiz Martínez; Fernando Pereniguez Garcia; Rafael Marin-Lopez. Hershey PA: IGI Global Publishing, 2013. p. 214-236 8.

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 12 - Chapter in an edited book (Author) › peer-review

TY - CHAP

T1 - Enhancing intrusion detection systems using intelligent false alarm filter

T2 - Selecting the best machine learning algorithm

AU - Meng, Yuxin

AU - Kwok, Lam-For

PY - 2013/9/30

Y1 - 2013/9/30

N2 - Intrusion Detection Systems (IDSs) have been widely implemented in various network environments as an essential component for current Information and Communications Technologies (ICT). However, false alarms are a big problem for these systems, in which a large number of IDS alarms, especially false positives, could be generated during their detection. This issue greatly decreases the effectiveness and the efficiency of an IDS and heavily increases the burden on analyzing real alarms. To mitigate this problem, in this chapter, the authors identify and analyze the reasons for causing this problem, present a survey through reviewing some related work in the aspect of false alarm reduction, and introduce a promising solution of constructing an intelligent false alarm filter to refine false alarms for an IDS.

AB - Intrusion Detection Systems (IDSs) have been widely implemented in various network environments as an essential component for current Information and Communications Technologies (ICT). However, false alarms are a big problem for these systems, in which a large number of IDS alarms, especially false positives, could be generated during their detection. This issue greatly decreases the effectiveness and the efficiency of an IDS and heavily increases the burden on analyzing real alarms. To mitigate this problem, in this chapter, the authors identify and analyze the reasons for causing this problem, present a survey through reviewing some related work in the aspect of false alarm reduction, and introduce a promising solution of constructing an intelligent false alarm filter to refine false alarms for an IDS.

UR - http://www.scopus.com/inward/record.url?scp=84945144223&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-84945144223&origin=recordpage

U2 - 10.4018/978-1-4666-4514-1.ch008

DO - 10.4018/978-1-4666-4514-1.ch008

M3 - RGC 12 - Chapter in an edited book (Author)

SN - 9781466645141

SN - 1466645148

SN - 9781466645165

SN - 1466645164

SP - 214

EP - 236

BT - Architectures and Protocols for Secure Information Technology Infrastructures

A2 - Martínez, Antonio Ruiz

A2 - Garcia, Fernando Pereniguez

A2 - Marin-Lopez, Rafael

PB - IGI Global Publishing

CY - Hershey PA

ER -

Enhancing intrusion detection systems using intelligent false alarm filter: Selecting the best machine learning algorithm

Abstract

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this