Design of intelligent KNN‐based alarm filter using knowledge‐based alert verification in intrusion detection

Meng, Weizhi; Li, Wenjuan; Kwok, Lam For

doi:10.1002/sec.1307

Cited by 78 publications

(27 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To reduce the false alarm rate, Meng et al [59] proposed a KNN method to filter alarms. They conducted experiments in a real network environment and generated alerts using Snort.…”

Section: Rule and Machine Learning-based Hybrid Methodsmentioning

confidence: 99%

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

2019

View full text Add to dashboard Cite

Networks play important roles in modern life, and cyber security has become a vital research area. An intrusion detection system (IDS) which is an important cyber security technique, monitors the state of software and hardware running in the network. Despite decades of development, existing IDSs still face challenges in improving the detection accuracy, reducing the false alarm rate and detecting unknown attacks. To solve the above problems, many researchers have focused on developing IDSs that capitalize on machine learning methods. Machine learning methods can automatically discover the essential differences between normal data and abnormal data with high accuracy. In addition, machine learning methods have strong generalizability, so they are also able to detect unknown attacks. Deep learning is a branch of machine learning, whose performance is remarkable and has become a research hotspot. This survey proposes a taxonomy of IDS that takes data objects as the main dimension to classify and summarize machine learning-based and deep learning-based IDS literature. We believe that this type of taxonomy framework is fit for cyber security researchers. The survey first clarifies the concept and taxonomy of IDSs. Then, the machine learning algorithms frequently used in IDSs, metrics, and benchmark datasets are introduced. Next, combined with the representative literature, we take the proposed taxonomic system as a baseline and explain how to solve key IDS issues with machine learning and deep learning techniques. Finally, challenges and future developments are discussed by reviewing recent representative studies.

show abstract

“…To reduce the false alarm rate, Meng et al [59] proposed a KNN method to filter alarms. They conducted experiments in a real network environment and generated alerts using Snort.…”

Section: Rule and Machine Learning-based Hybrid Methodsmentioning

confidence: 99%

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

2019

View full text Add to dashboard Cite

show abstract

“…Meng and Li [28] designed a non-critical alarm filter to improve the quality of output alarms by integrating contextual information like application and OS information. Meng et al [32] developed a method of knowledge-based alert verification and design an intelligent alarm filter based on a multi-class k-nearest-neighbor classifier to filter out unwanted alarms. In particular, the alarm filter employs a rating mechanism by means of expert knowledge to classify incoming alarms to proper clusters for labeling.…”

Section: B Alarm Reduction In Intrusion Detectionmentioning

confidence: 99%

“…In addition, a classifier's precision can be further improved by updating training data in a regular way [32], or by integrating contextual information regarding the deployed environment [28]. To maintain the performance, there is an alternative to implement an intelligent false alarm filter by adaptively selecting the most appropriate classifier for alarm reduction [25].…”

Section: Precisionmentioning

confidence: 99%

Towards False Alarm Reduction Using Fuzzy If-Then Rules for Medical Cyber Physical Systems

Meng

et al. 2018

IEEE Access

Self Cite

View full text Add to dashboard Cite

Cyber-Physical Systems (CPS) are integrations of computation, networking, and physical processes. Its process control is often referred to as embedded systems. Generally, CPS and Internet of Things have the same basic architecture, whereas the former shows a higher combination and coordination between physical and computational elements, i.e., wireless sensor networks can be a vital part of CPS applications. With the rapid development, CPS has been applied to healthcare industry, where a wide range of medical sensors are used within a healthcare organization. However, these sensors may generate a large number of false alarms in practice, which could significantly reduce the system effectiveness. Targeting on this issue, in this work, we attempt to design a Medical Fuzzy Alarm Filter (named MFAFilter) for healthcare environments by means of fuzzy logic, especially fuzzy if-then rules, which could handle the vague and imprecise among data. In the evaluation, we conducted two major experiments to explore the performance of our approach in a simulated and a real network environment, respectively. Experimental results demonstrate that the use of fuzzy if-then rules could achieve a better accuracy as compared to the traditional supervised algorithms, and that our designed filter is effective in the practical environment.INDEX TERMS False alarm reduction, fuzzy if-then rules, alarm filter, medical cyber-physical systems, wireless sensor networks, machine learning technique.

show abstract

“…This leads to a necessity of informed machine learning techniques. For example, Meng et al [4] involved experts knowledge in the loop for recognizing the most successful models for reducing the amount of false alarms, at the same time keeping the level of accuracy high. Overall, Xin et al [2] in their survey indicate that machine learning and deep learning approaches can be quite successfully applied in cybersecurity and show high performance.…”

Section: Introductionmentioning

confidence: 99%

System Misuse Detection Via Informed Behavior Clustering and Modeling

Adilova

Natious

Chen³

et al. 2019

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)

View full text Add to dashboard Cite

One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identification of attacks requires a lot of effort and time of security experts. We propose an approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.

show abstract

Design of intelligent KNN‐based alarm filter using knowledge‐based alert verification in intrusion detection

Cited by 78 publications

References 29 publications

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

Machine Learning and Deep Learning Methods for Intrusion Detection Systems: A Survey

Towards False Alarm Reduction Using Fuzzy If-Then Rules for Medical Cyber Physical Systems

System Misuse Detection Via Informed Behavior Clustering and Modeling

Contact Info

Product

Resources

About