Intrusion alert reduction based on unsupervised and supervised learning algorithms

Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a rang...

Full description

Saved in:
Bibliographic Details
Main Authors: Kemi Afolabi-B., Oyinkansola Oluwapelumi, Sirat @ Md. Siraj, Maheyzah
Format: Article
Language:English
Published: Penerbit UTM Press 2021
Subjects:
Online Access:http://eprints.utm.my/id/eprint/97788/1/OyinkansolaOluwapelumi2021_IntrusionAlertReductionBasedonUnsupervised.pdf
http://eprints.utm.my/id/eprint/97788/
http://dx.doi.org/10.11113/ijic.v11n2.331
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.utm.97788
record_format eprints
spelling my.utm.977882022-10-31T08:51:06Z http://eprints.utm.my/id/eprint/97788/ Intrusion alert reduction based on unsupervised and supervised learning algorithms Kemi Afolabi-B., Oyinkansola Oluwapelumi Sirat @ Md. Siraj, Maheyzah QA75 Electronic computers. Computer science Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a range of network attacks; but one of its major drawbacks is that attackers, with the evolution of time and technology make it harder for IDS systems to cope. A sub-branch of IDS-Intrusion Alert Analysis was introduced into the research system to combat these problems and help support IDS by analyzing the alert triggered by the IDS. Intrusion Alert analysis has served as a good support for IDS systems for many years but also has its own short comings which are the amount of the voluminous number of alerts produced by IDS systems. From years of research, it has been observed that majority of the alerts produced are undesirables such as duplicates, false alerts, etc., leading to huge amounts of alerts causing alert flooding. This research proposed the reduction alert by targeting these undesirable alerts through the integration of supervised and unsupervised algorithms and approach. The research first selects significant features by comparing two feature ranking techniques this targets duplicates, low priority and irrelevant alert. To achieve further reduction, the research proposed the integration of supervised and unsupervised algorithms to filter out false alerts. Based on this, an effective model was gotten which achieved 94.02% reduction rate of alerts. Making use of the dataset ISCX 2012, experiments were conducted and the model with the highest reduction rate was chosen. The model was evaluated against other experimental results and benchmarked against a related work, it also improved on the said related work. Penerbit UTM Press 2021-12 Article PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/97788/1/OyinkansolaOluwapelumi2021_IntrusionAlertReductionBasedonUnsupervised.pdf Kemi Afolabi-B., Oyinkansola Oluwapelumi and Sirat @ Md. Siraj, Maheyzah (2021) Intrusion alert reduction based on unsupervised and supervised learning algorithms. International Journal of Innovative Computing, 11 (2). pp. 25-34. ISSN 2180-4370 http://dx.doi.org/10.11113/ijic.v11n2.331 DOI:10.11113/ijic.v11n2.331
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic QA75 Electronic computers. Computer science
spellingShingle QA75 Electronic computers. Computer science
Kemi Afolabi-B., Oyinkansola Oluwapelumi
Sirat @ Md. Siraj, Maheyzah
Intrusion alert reduction based on unsupervised and supervised learning algorithms
description Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a range of network attacks; but one of its major drawbacks is that attackers, with the evolution of time and technology make it harder for IDS systems to cope. A sub-branch of IDS-Intrusion Alert Analysis was introduced into the research system to combat these problems and help support IDS by analyzing the alert triggered by the IDS. Intrusion Alert analysis has served as a good support for IDS systems for many years but also has its own short comings which are the amount of the voluminous number of alerts produced by IDS systems. From years of research, it has been observed that majority of the alerts produced are undesirables such as duplicates, false alerts, etc., leading to huge amounts of alerts causing alert flooding. This research proposed the reduction alert by targeting these undesirable alerts through the integration of supervised and unsupervised algorithms and approach. The research first selects significant features by comparing two feature ranking techniques this targets duplicates, low priority and irrelevant alert. To achieve further reduction, the research proposed the integration of supervised and unsupervised algorithms to filter out false alerts. Based on this, an effective model was gotten which achieved 94.02% reduction rate of alerts. Making use of the dataset ISCX 2012, experiments were conducted and the model with the highest reduction rate was chosen. The model was evaluated against other experimental results and benchmarked against a related work, it also improved on the said related work.
format Article
author Kemi Afolabi-B., Oyinkansola Oluwapelumi
Sirat @ Md. Siraj, Maheyzah
author_facet Kemi Afolabi-B., Oyinkansola Oluwapelumi
Sirat @ Md. Siraj, Maheyzah
author_sort Kemi Afolabi-B., Oyinkansola Oluwapelumi
title Intrusion alert reduction based on unsupervised and supervised learning algorithms
title_short Intrusion alert reduction based on unsupervised and supervised learning algorithms
title_full Intrusion alert reduction based on unsupervised and supervised learning algorithms
title_fullStr Intrusion alert reduction based on unsupervised and supervised learning algorithms
title_full_unstemmed Intrusion alert reduction based on unsupervised and supervised learning algorithms
title_sort intrusion alert reduction based on unsupervised and supervised learning algorithms
publisher Penerbit UTM Press
publishDate 2021
url http://eprints.utm.my/id/eprint/97788/1/OyinkansolaOluwapelumi2021_IntrusionAlertReductionBasedonUnsupervised.pdf
http://eprints.utm.my/id/eprint/97788/
http://dx.doi.org/10.11113/ijic.v11n2.331
_version_ 1748703144908423168
score 13.211869