Enhancing False Alarm Reduction Using Pool-Based Active Learning in Network Intrusion Detection

机译：在网络入侵检测中使用基于池的主动学习来增强减少误报的能力

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Network intrusion detection systems (NIDSs) are an important and essential defense mechanism against network attacks. However, during their detection, a large number of NIDS false alarms could be generated, which is a major challenging problem for these systems. To mitigate this issue, machine-learning based false alarm filters have been developed to refine false alarms, but it is very laborious and difficult for security experts to provide many labeled examples to train a classifier. In this paper, we therefore attempt to investigate the performance of active learning, which can make the optimal use of the given datasets, in this particular field of NIDS false alarm reduction. After analyzing the relationship between the process of false alarm reduction and the process of intrusion detection, we design a simple but efficient pool-based active learning algorithm in a false alarm filter and evaluate its performance by comparing it with several traditional supervised machine learning algorithms. The experimental results show that the designed pool-based active learner can generally achieve a better outcome than a traditional machine learning algorithm, and that the designed scheme can approximatively reduce the required number of labeled alarms by half.

机译：网络入侵检测系统（NIDS）是针对网络攻击的重要且必不可少的防御机制。但是，在检测过程中，可能会产生大量的NIDS错误警报，这对于这些系统是一个主要的挑战性问题。为了缓解此问题，已经开发了基于机器学习的虚假警报过滤器来完善虚假警报，但是对于安全专家而言，要提供许多带有标签的示例来训练分类器非常费力且困难。因此，在本文中，我们尝试研究主动学习的性能，该性能可以在NIDS虚警减少的特定领域中充分利用给定的数据集。在分析了虚假警报减少过程与入侵检测过程之间的关系之后，我们在虚假警报过滤器中设计了一个简单但有效的基于池的主动学习算法，并将其与几种传统的监督式机器学习算法进行比较来评估其性能。实验结果表明，所设计的基于池的主动学习器通常可以比传统的机器学习算法获得更好的结果，并且所设计的方案可以将所需的标记警报数量大约减少一半。

著录项

来源
《International conference on information security practice and experience》|2013年|1-15|共15页
会议地点
作者
Yuxin Meng; Lam-For Kwok;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Network Security; Active Learning and Its Applications; False Alarm Reduction; Intrusion Detection;

机译：网络安全;主动学习及其应用;减少误报;入侵检测;

相似文献

外文文献
中文文献
专利

1. Enhancing False Alarm Reduction Using Voted Ensemble Selection in Intrusion Detection [J] . Yuxin Meng, Lam-For Kwok International journal of computational intelligence systems . 2013,第1a6期

机译：在入侵检测中使用投票的集合选择来增强减少误报的能力
2. MVPSys: Toward practical multi-view based false alarm reduction system in network intrusion detection [J] . Wenjuan Li, Weizhi Meng, Xiapu Luo, Computers & Security . 2016,第jula期

机译：MVPSys：面向实用的基于多视图的虚假减少系统，用于网络入侵检测
3. Network specific false alarm reduction in intrusion detection system [J] . Neminath Hubballi, Santosh Biswas, Sukumar Nandi Security and communication networks . 2011,第11期

机译：特定于网络的虚假警报减少入侵检测系统
4. Enhancing False Alarm Reduction Using Pool-Based Active Learning in Network Intrusion Detection [C] . Yuxin Meng, Lam-For Kwok International Conference on Information Security Practice and Experience . 2013

机译：使用基于池的主动学习在网络入侵检测中提高虚假警报减少
5. Reduction of False Positives in Intrusion Detection Based on Extreme Learning Machine with Situation Awareness [D] . Burgio, Donald A. 2020

机译：基于极端学习机的入侵检测中误报的减少
6. Single-modal and multi-modal false arrhythmia alarm reduction using attention-based convolutional and recurrent neural networks [O] . Sajad Mousavi, Atiyeh Fotoohinasab, Fatemeh Afghah 2020

机译：使用基于注意力的卷积和经常性神经网络的单模和多模态假心律失常报警
7. Enhancing False Alarm Reduction Using Voted Ensemble Selection in Intrusion Detection [O] . Yuxin Meng, Lam-For Kwok 2013

机译：使用投票的集合选择在入侵检测中提高误报例

Enhancing False Alarm Reduction Using Pool-Based Active Learning in Network Intrusion Detection

摘要

著录项

相似文献

相关主题

期刊订阅