Measuring intelligent false alarm reduction using an ROC curve-based approach in network intrusion detection

• Published in: 2012 IEEE International Conference on Computational Intelligence for Measurement Systems and Applications (CIMSA) Proceedings pp. 108 - 113
• Main Author: Yuxin Meng
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.07.2012
• Subjects: Algorithm design and analysis; Computational Intelligence; Equations; False Alarm Reduction; Intelligent Decision Support and Control Systems; Intrusion detection; Machine learning; Machine learning algorithms; Mathematical model; Performance Measurement; Support vector machines
• ISBN: 1457717786; 9781457717789
• ISSN: 2159-1547; 2159-1555
• DOI: 10.1109/CIMSA.2012.6269608

Currently, network intrusion detection systems (NIDSs) are being widely deployed in various network environment with the purpose of defending against network attacks. However, these systems can generate a large number of alarms especially false alarms during their detection procedure, which is a big problem that decreases the effectiveness and efficiency of their detection. To mitigate this issue, we have developed an intelligent false alarm filter to filter out false alarms by periodically selecting the most appropriate machine learning algorithm which conducts the best performance from an algorithm pool. To evaluate the best single-algorithm performance among several machine learning schemes, we utilized two measures (e.g., classification accuracy, precision of false alarm) to determine the best algorithm. In this paper, we mainly conduct a study of applying an ROC curve-based approach with cost analysis in our intelligent filter to further improve the decision quality. The experimental results show that by combining our defined ROC curve-based measure, namely relative expected cost, our developed filter can achieve a better outcome in the aspect of cost consideration.