An Adaptive and Cost-Sensitive Learning Model for False Alarm Reduction in IDSs


Bibliographic Details
Main Authors: Kuei-Lin Yang, 楊貴麟
Other Authors: Yuh-Jye Lee
Format: Others
Language: en_US
Published: 2007
Online Access: http://ndltd.ncl.edu.tw/handle/44yjdq
id ndltd-TW-095NTUS5392066
record_format oai_dc
spelling ndltd-TW-095NTUS5392066 2019-05-15T19:48:56Z http://ndltd.ncl.edu.tw/handle/44yjdq An Adaptive and Cost-Sensitive Learning Model for False Alarm Reduction in IDSs (Chinese title: 利用適應性與成本效益之機器學習模型於降低入侵偵測虛警量) Kuei-Lin Yang 楊貴麟 Master's thesis, National Taiwan University of Science and Technology, Department of Computer Science and Information Engineering, academic year 95. Advisor: Yuh-Jye Lee 李育杰. 2007. Thesis (學位論文) 37. en_US
collection NDLTD
language en_US
format Others
sources NDLTD
description Master's thesis === National Taiwan University of Science and Technology === Department of Computer Science and Information Engineering === academic year 95 === An Intrusion Detection System (IDS) is a software system or hardware device deployed to monitor host activities and network traffic in order to detect intrusions, that is, actions that attempt to compromise the confidentiality, integrity and availability of computer resources. Nevertheless, IDSs suffer from a serious problem: a huge number of false alarms. It is infeasible for security analysts to investigate so many alarms. In this thesis, we propose a framework that incorporates an alert filter able to identify true attacks and filter out the alerts most likely to be false alarms, alleviating the security analyst's burden. Because the distribution of alerts is very skewed, we introduce the concept of cost-sensitive learning to classify true attacks. In order to fit the alert classifier to different network environments, we introduce an adaptive learning model that uses the ID analyst's feedback to improve the alert classifier. We adopt a cost-sensitive meta-classifier with each of two base learners, decision trees and RIPPER, to train the alert classifier. Our experiments were designed to simulate the scenario of applying the proposed framework to real-world security systems. The experimental results demonstrate that the adaptive learning model improves the alert classifier with the feedback of ID analysts, and that the results of our proposed framework are close to those obtained by analyzing the entire set of alerts.
author2 Yuh-Jye Lee
author Kuei-Lin Yang
楊貴麟
author_sort Kuei-Lin Yang
title An Adaptive and Cost-Sensitive Learning Model for False Alarm Reduction in IDSs
publishDate 2007
url http://ndltd.ncl.edu.tw/handle/44yjdq