NIDS Based False Positive Alert Screening Approach Using Machine Learning
DOI: https://doi.org/10.15379/ijmst.v10i3.3789

Keywords: Cyber security, Intrusion Detection System (IDS), Alert verification, Alert prioritization, Alert Fusion, Machine learning (ML), False Alert, Adaptive Filtering.

Abstract
Detecting cyber attacks is one of the most crucial security challenges of the modern day, and network monitoring systems that detect intrusions, commonly known as Network Intrusion Detection Systems (NIDS), are essential for it. Numerous studies have applied machine learning approaches to build robust NIDS that can identify cyber threats. While the majority of NIDS research focuses on developing novel AI/ML models to increase classification/detection accuracy, every model generates a percentage of false positive (FP) alarms in the real world, and the mechanism for handling those FP alarms is rarely covered. Managing the volume of FP alarms on a busy network consumes a great deal of security staff time, which makes automation of FP alert filtering crucial. In this research, we leverage kernel density estimation to present an automated FP alert filtering technique. Regardless of the NIDS that is in place, our proposed scheme can assist security staff with the alert verification process. Our tests demonstrate that, in terms of error ratio, our proposed scheme performs 32% to 60% better than alternative algorithms, and it reduces the duration of the alert verification process by 73%.
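The abstract names kernel density estimation (KDE) as the basis of the FP screening step but gives no details of the feature set or decision rule. The following is an added, self-contained illustration of how KDE can screen NIDS alerts; it is not the paper's code and should not be read as its method. It assumes a two-dimensional feature vector per alert (alert rate from the source address scaled to [0,1], fraction of distinct destination ports), an isotropic Gaussian kernel with a fixed bandwidth, and a threshold derived by leave-one-out density over analyst-verified false positives. All alerts and feature values are constructed sample data. Alerts whose density under the verified-FP model is high are screened as likely FPs; everything else is queued for analyst verification, and analyst confirmations feed back into the model (the adaptive-filtering idea from the keywords).

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """One NIDS alert reduced to a feature vector.

    Feature layout is an assumption for this illustration, not the paper's:
    (alerts_per_min_from_src / 10, fraction_of_distinct_dst_ports).
    Both are already scaled to roughly [0, 1] so one bandwidth fits both axes.
    """
    sig: str
    src: str
    features: tuple


# Constructed sample: alerts an analyst has already verified as false positives.
VERIFIED_FP = [
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.1.5", (0.20, 0.10)),
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.1.6", (0.25, 0.12)),
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.2.3", (0.18, 0.08)),
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.2.9", (0.22, 0.11)),
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.3.1", (0.21, 0.09)),
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.3.4", (0.19, 0.10)),
]

# Constructed sample: a fresh batch of alerts from the sensor.
NEW_ALERTS = [
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.1.7", (0.21, 0.10)),   # looks like the known FPs
    Alert("ET SCAN Nmap Scripting Engine", "203.0.113.9", (0.90, 0.85)),  # high rate, many ports
    Alert("ET POLICY Dropbox DNS Lookup", "10.0.1.8", (0.35, 0.20)),   # same signature, unusual behaviour
]


def kde_density(point, samples, bandwidth):
    """Gaussian KDE with one isotropic bandwidth h:
    f(x) = 1/(n (h*sqrt(2*pi))^d) * sum_i exp(-0.5 * ||(x - x_i)/h||^2)."""
    d = len(point)
    norm = 1.0 / (len(samples) * (bandwidth * math.sqrt(2.0 * math.pi)) ** d)
    acc = 0.0
    for s in samples:
        z2 = sum(((p - q) / bandwidth) ** 2 for p, q in zip(point, s))
        acc += math.exp(-0.5 * z2)
    return norm * acc


def fp_threshold(fp_features, bandwidth, safety=0.5):
    """Leave-one-out calibration: score each verified FP against the others and
    take a fraction of the lowest score, so every verified FP would itself have
    been screened out. 'safety' trades auto-suppression for analyst workload."""
    loo = []
    for i, f in enumerate(fp_features):
        others = fp_features[:i] + fp_features[i + 1:]
        loo.append(kde_density(f, others, bandwidth))
    return safety * min(loo)


def screen_alerts(alerts, verified_fp, bandwidth=0.05):
    """Split alerts into likely false positives (density under the verified-FP
    model at or above the threshold) and alerts that need human verification."""
    fp_features = [a.features for a in verified_fp]
    threshold = fp_threshold(fp_features, bandwidth)
    likely_fp, verify = [], []
    for a in alerts:
        dens = kde_density(a.features, fp_features, bandwidth)
        (likely_fp if dens >= threshold else verify).append((a, dens))
    return {"threshold": threshold, "likely_fp": likely_fp, "verify": verify}


def confirm_false_positive(verified_fp, alert):
    """Adaptive step: once an analyst confirms an alert as FP, it joins the
    training set so the next screening round absorbs similar alerts."""
    return list(verified_fp) + [alert]


if __name__ == "__main__":
    result = screen_alerts(NEW_ALERTS, VERIFIED_FP)
    print(f"threshold = {result['threshold']:.2f}")
    for label in ("likely_fp", "verify"):
        for alert, dens in result[label]:
            print(f"{label:10s} {dens:8.3f} {alert.sig} from {alert.src}")
```

The scan alert sits far from every verified FP and gets a density of effectively zero, while the third alert shows that the same signature is not enough to be screened out: its behaviour differs from the known FP population, so it is kept for verification. In a deployment the features would be computed from the sensor's alert stream and the bandwidth chosen by a rule such as Silverman's or by cross-validation rather than fixed by hand.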