Intrusion detection alert management for high‐speed networks: current researches and applications

Abstract: We propose an intrusion detection alert classifier based on a discriminative machine learning approach satisfying highspeed networks constraints. We mainly address the huge number of alerts and the high level rate of false ones produced in such environment. The classifier is based on online-adaptive support vector machine schemes. We demonstrate the utility of the developed method through extensive simulations and experiments against three data sets. Our intrusion alert classifier is crucial for forensics expe… Show more

“…Machine learning-based approaches (Bayesian approaches, Neural Networks, Statistical mixture models, SVM, Hidden Markov model, genetic algorithms, etc.) [33], [34], [35], [36], [37], [38], [39], [1], [2] have been proposed as a powerful techniques to solve several issues related to IDS, alert classification and intrusion detection problems. In particular, they are considered as effective tools for complex data modeling able to represent alerts in a compact form, to filter and to reduce the huge quantity of false alerts and to identify abnormal activities.…”

“…Their use, which is based on the using of a prior and newly acquired information, has proven to be of great importance in this growing area in order to improve the performance of IDS. In the literature, numerous machine learning-based algorithms were implemented for alert classification/clustering [35], [39], [2]. In particular, support vector machines (SVM) is widely employed since it is able to filter efficiently false alert and also it is considered by an important number of researchers in the context of intrusion alert management [40], [41], [42].…”

“…Moreover, finite mixtures models are mainly used to detect both previously seen (known) and unknown attacks. The same authors proposed another interesting classifier in [2] for online intrusion detection.…”

“…Thereby, the automation of the process of alert management is a necessity. It turns out that this problem becomes more difficult with the context of high-speed networks [1], [2]. Indeed, new severe issues related especially to the scalability, the real time constraints, and efficiency create a major challenge to the success of IDS [3], [4].…”

“…Evidently, the high-level rate of wrong alerts disproves the IDS performances and decrease its capability to prevent cyber-attacks that lead to tedious alert analysis task. In particular, alert clustering and outlier detection are crucial problems for taking suitable actions and for security threats understanding [5], [1], [2]. The content of this paper is a taxonomy and a survey related to the intrusion alert management.…”

Alerts Clustering for Intrusion Detection Systems: Overview and Machine Learning Perspectives

“…Machine learning-based approaches (Bayesian approaches, Neural Networks, Statistical mixture models, SVM, Hidden Markov model, genetic algorithms, etc.) [33], [34], [35], [36], [37], [38], [39], [1], [2] have been proposed as a powerful techniques to solve several issues related to IDS, alert classification and intrusion detection problems. In particular, they are considered as effective tools for complex data modeling able to represent alerts in a compact form, to filter and to reduce the huge quantity of false alerts and to identify abnormal activities.…”

“…Their use, which is based on the using of a prior and newly acquired information, has proven to be of great importance in this growing area in order to improve the performance of IDS. In the literature, numerous machine learning-based algorithms were implemented for alert classification/clustering [35], [39], [2]. In particular, support vector machines (SVM) is widely employed since it is able to filter efficiently false alert and also it is considered by an important number of researchers in the context of intrusion alert management [40], [41], [42].…”

“…Moreover, finite mixtures models are mainly used to detect both previously seen (known) and unknown attacks. The same authors proposed another interesting classifier in [2] for online intrusion detection.…”

“…Thereby, the automation of the process of alert management is a necessity. It turns out that this problem becomes more difficult with the context of high-speed networks [1], [2]. Indeed, new severe issues related especially to the scalability, the real time constraints, and efficiency create a major challenge to the success of IDS [3], [4].…”

“…Evidently, the high-level rate of wrong alerts disproves the IDS performances and decrease its capability to prevent cyber-attacks that lead to tedious alert analysis task. In particular, alert clustering and outlier detection are crucial problems for taking suitable actions and for security threats understanding [5], [1], [2]. The content of this paper is a taxonomy and a survey related to the intrusion alert management.…”

Alerts Clustering for Intrusion Detection Systems: Overview and Machine Learning Perspectives

Studying Machine Learning Techniques for Intrusion Detection Systems

Analysis of intrusion detection in cyber attacks using DEEP learning neural networks