A Survey on Intrusion Detection Systems: Types, Datasets, Machine Learning methods for NIDS and Challenges

Walling, Supongmen; Lodh, Sibesh

doi:10.1109/icccnt54827.2022.9984320

Cited by 3 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An NIDS with response capabilities, e.g., blocking traffic when an intrusion is detected, is typically referred to as an intrusion prevention system [17]. As surveyed in the literature [18], recent research on IDSs has focused on applying the most recent AI and ML methods to detect intrusions [19,20]. Noteworthy work includes extending IDS schemes to protect network environments, e.g., the Internet of Things [21,22], cloud environments [23,24], software-defined networks [25], and automation and control systems [26].…”

Section: Idssmentioning

confidence: 99%

“…The evolving cybersecurity landscape presents challenges for current IDSs due to the sophisticated techniques used by threat actors. Missed critical events and high false alarm rates can result in severe consequences, e.g., data breaches and reputational damage [18]. To address these challenges, enterprises deploy multiple IDSs and complex SIEM solutions; however, this can result in alert fatigue and reduced productivity among security personnel.…”

Section: Previous Studies On Alert Fatiguementioning

confidence: 99%

See 1 more Smart Citation

Breaking Alert Fatigue: AI-Assisted SIEM Framework for Effective Incident Response

et al. 2023

View full text Add to dashboard Cite

Contemporary security information and event management (SIEM) solutions struggle to identify critical security incidents effectively due to the overwhelming number of false alerts generated by disparate security products, which results in significant alert fatigue and hinders effective incident response. To overcome this challenge, we propose a next-generation SIEM framework that integrates security orchestration automation and response capabilities and utilizes a divide-and-conquer strategy to mitigate the impact of low-quality IDS alerts. The proposed framework leverages advanced machine learning and data visualization tools—including a cost-sensitive learning method and an event segmenting algorithm—to filter and correlate alerts plus an augmented visualization tool to expedite the triage process. The proposed framework was evaluated experimentally on a dataset collected from a real-world enterprise network, and we report highly convincing results. The alert screening scheme demonstrates significant potential for real-world security operations. We believe that our findings will contributing to the development of a next-generation SIEM system that effectively addresses alert fatigue and lays the foundation for future research in this field.

show abstract