Design of intelligent KNN-based alarm filter using knowledge-based alert verification in intrusion detection

Weizhi Meng, Wenjuan Li, Lam For Kwok

Research output: Journal article publicationJournal articleAcademic researchpeer-review

48 Citations (Scopus)

Abstract

Network intrusion detection systems (NIDSs) have been widely deployed in various network environments to defend against different kinds of network attacks. However, a large number of alarms especially unwanted alarms such as false alarms and non-critical alarms could be generated during the detection, which can greatly decrease the efficiency of the detection and increase the burden of analysis. To address this issue, we advocate that constructing an alarm filter in terms of expert knowledge is a promising solution. In this paper, we develop a method of knowledge-based alert verification and design an intelligent alarm filter based on a multi-class k-nearest-neighbor classifier to filter out unwanted alarms. In particular, the alarm filter employs a rating mechanism by means of expert knowledge to classify incoming alarms to proper clusters for labeling. We further analyze the effect of different classifier settings on classification accuracy with two alarm datasets. In the evaluation, we investigate the performance of the alarm filter with a real dataset and in a network environment, respectively. Experimental results indicate that our alarm filter can effectively filter out a number of NIDS alarms and can achieve a better outcome under the advanced mode.

Original languageEnglish
Pages (from-to)3883-3895
Number of pages13
JournalSecurity and Communication Networks
Volume8
Issue number18
DOIs
Publication statusPublished - 1 Dec 2015
Externally publishedYes

Keywords

  • Alarm filtration
  • Alert verification
  • Intelligent system
  • Network intrusion detection

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Cite this