Intrusion alert reduction based on unsupervised and supervised learning algorithms
Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a rang...
Saved in:
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: |
Penerbit UTM Press
2021
|
Subjects: | |
Online Access: | http://eprints.utm.my/id/eprint/97788/1/OyinkansolaOluwapelumi2021_IntrusionAlertReductionBasedonUnsupervised.pdf http://eprints.utm.my/id/eprint/97788/ http://dx.doi.org/10.11113/ijic.v11n2.331 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my.utm.97788 |
---|---|
record_format |
eprints |
spelling |
my.utm.977882022-10-31T08:51:06Z http://eprints.utm.my/id/eprint/97788/ Intrusion alert reduction based on unsupervised and supervised learning algorithms Kemi Afolabi-B., Oyinkansola Oluwapelumi Sirat @ Md. Siraj, Maheyzah QA75 Electronic computers. Computer science Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a range of network attacks; but one of its major drawbacks is that attackers, with the evolution of time and technology make it harder for IDS systems to cope. A sub-branch of IDS-Intrusion Alert Analysis was introduced into the research system to combat these problems and help support IDS by analyzing the alert triggered by the IDS. Intrusion Alert analysis has served as a good support for IDS systems for many years but also has its own short comings which are the amount of the voluminous number of alerts produced by IDS systems. From years of research, it has been observed that majority of the alerts produced are undesirables such as duplicates, false alerts, etc., leading to huge amounts of alerts causing alert flooding. This research proposed the reduction alert by targeting these undesirable alerts through the integration of supervised and unsupervised algorithms and approach. The research first selects significant features by comparing two feature ranking techniques this targets duplicates, low priority and irrelevant alert. To achieve further reduction, the research proposed the integration of supervised and unsupervised algorithms to filter out false alerts. Based on this, an effective model was gotten which achieved 94.02% reduction rate of alerts. Making use of the dataset ISCX 2012, experiments were conducted and the model with the highest reduction rate was chosen. The model was evaluated against other experimental results and benchmarked against a related work, it also improved on the said related work. Penerbit UTM Press 2021-12 Article PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/97788/1/OyinkansolaOluwapelumi2021_IntrusionAlertReductionBasedonUnsupervised.pdf Kemi Afolabi-B., Oyinkansola Oluwapelumi and Sirat @ Md. Siraj, Maheyzah (2021) Intrusion alert reduction based on unsupervised and supervised learning algorithms. International Journal of Innovative Computing, 11 (2). pp. 25-34. ISSN 2180-4370 http://dx.doi.org/10.11113/ijic.v11n2.331 DOI:10.11113/ijic.v11n2.331 |
institution |
Universiti Teknologi Malaysia |
building |
UTM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknologi Malaysia |
content_source |
UTM Institutional Repository |
url_provider |
http://eprints.utm.my/ |
language |
English |
topic |
QA75 Electronic computers. Computer science |
spellingShingle |
QA75 Electronic computers. Computer science Kemi Afolabi-B., Oyinkansola Oluwapelumi Sirat @ Md. Siraj, Maheyzah Intrusion alert reduction based on unsupervised and supervised learning algorithms |
description |
Security and protection of information is an ever-evolving process in the field of information security. One of the major tools of protection is the Intrusion Detection Systems (IDS). For so many years, IDS have been developed for use in computer networks, they have been widely used to detect a range of network attacks; but one of its major drawbacks is that attackers, with the evolution of time and technology make it harder for IDS systems to cope. A sub-branch of IDS-Intrusion Alert Analysis was introduced into the research system to combat these problems and help support IDS by analyzing the alert triggered by the IDS. Intrusion Alert analysis has served as a good support for IDS systems for many years but also has its own short comings which are the amount of the voluminous number of alerts produced by IDS systems. From years of research, it has been observed that majority of the alerts produced are undesirables such as duplicates, false alerts, etc., leading to huge amounts of alerts causing alert flooding. This research proposed the reduction alert by targeting these undesirable alerts through the integration of supervised and unsupervised algorithms and approach. The research first selects significant features by comparing two feature ranking techniques this targets duplicates, low priority and irrelevant alert. To achieve further reduction, the research proposed the integration of supervised and unsupervised algorithms to filter out false alerts. Based on this, an effective model was gotten which achieved 94.02% reduction rate of alerts. Making use of the dataset ISCX 2012, experiments were conducted and the model with the highest reduction rate was chosen. The model was evaluated against other experimental results and benchmarked against a related work, it also improved on the said related work. |
format |
Article |
author |
Kemi Afolabi-B., Oyinkansola Oluwapelumi Sirat @ Md. Siraj, Maheyzah |
author_facet |
Kemi Afolabi-B., Oyinkansola Oluwapelumi Sirat @ Md. Siraj, Maheyzah |
author_sort |
Kemi Afolabi-B., Oyinkansola Oluwapelumi |
title |
Intrusion alert reduction based on unsupervised and supervised learning algorithms |
title_short |
Intrusion alert reduction based on unsupervised and supervised learning algorithms |
title_full |
Intrusion alert reduction based on unsupervised and supervised learning algorithms |
title_fullStr |
Intrusion alert reduction based on unsupervised and supervised learning algorithms |
title_full_unstemmed |
Intrusion alert reduction based on unsupervised and supervised learning algorithms |
title_sort |
intrusion alert reduction based on unsupervised and supervised learning algorithms |
publisher |
Penerbit UTM Press |
publishDate |
2021 |
url |
http://eprints.utm.my/id/eprint/97788/1/OyinkansolaOluwapelumi2021_IntrusionAlertReductionBasedonUnsupervised.pdf http://eprints.utm.my/id/eprint/97788/ http://dx.doi.org/10.11113/ijic.v11n2.331 |
_version_ |
1748703144908423168 |
score |
13.211869 |