Semi-supervised learning for false alarm reduction

Authors:
Chien-Yi Chiu;Yuh-Jye Lee;Chien-Chung Chang;Wen-Yang Luo;Hsiu-Chuan Huang
Affiliations:
Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan;Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan;Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan;Information & Communication Security Lab, Chunghwa Telecom Laboratories;Information & Communication Security Lab, Chunghwa Telecom Laboratories
Venue:
ICDM'10 Proceedings of the 10th industrial conference on Advances in data mining: applications and theoretical aspects
Year:
2010

Citing 8
Cited 1

Combining labeled and unlabeled data with co-training

COLT' 98 Proceedings of the eleventh annual conference on Computational learning theory
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Tri-Training: Exploiting Unlabeled Data Using Three Classifiers

IEEE Transactions on Knowledge and Data Engineering
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Semi-supervised co-training and active learning based approach for multi-view intrusion detection

Proceedings of the 2009 ACM symposium on Applied Computing
IDS false alarm reduction using continuous and discontinuous patterns

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security

Intrusion detection using disagreement-based semi-supervised learning: detection enhancement and false alarm reduction

CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion Detection Systems (IDSs) which have been deployed in computer networks to detect a wide variety of attacks are suffering how to manage of a large number of triggered alerts. Thus, reducing false alarms efficiently has become the most important issue in IDS. In this paper, we introduce the semi-supervised learning mechanism to build an alert filter, which will reduce up to 85% false alarms and still keep a high detection rate. In our semi-supervised learning approach, we only need a very small amount of label information. This will save a huge security officer's effort and make the alert filter be more practical for the real systems. Numerical comparison with conventional supervised learning approach with the same small portion labeled data, our method has significantly superior detection rate as well as in the false alarm reduction rate.