Abstract

Signature‐based intrusion detection systems (IDSs) are employed to monitor computer networks for signs of network intrusions. However, they produce a large number of false positive alarms when operated with default settings without considering the underlying network environment. Inundation of false alarms is the Achilles heel of IDS technology, which could render the IDS ineffective in detecting network attacks. Several false alarm minimization approaches have been proposed in the literature. However, there are many drawbacks associated with these works, namely, modification of well‐established attack signatures; heavy dependence on the attack signatures' reference numbers, which might not always be available; and non‐consideration of the underlying network context information. In this paper, we propose an efficient game theory‐based false alarm minimization scheme for signature‐based IDS. The proposed scheme uses a game theory‐based correlation engine to correlate IDS alarms with network vulnerabilities to minimize the overall false positive alarm rate of the IDS. Experimental results and comparison analysis of the proposed false alarm minimization framework with other frameworks on the benchmark DARPA intrusion detection evaluation dataset and an in‐house IIT Guwahati Lab dataset show that the proposed scheme achieves the highest accuracy among all the frameworks under consideration without degrading the overall detection rate of the IDS. Copyright © 2016 John Wiley & Sons, Ltd.
