Abstract

Detecting cyber threats is one of the most important security issues today, and network-based intrusion detection systems (NIDS) play a vital role. Many studies have adopted Artificial Intelligence/Machine Learning (AI/ML) technology to build powerful NIDS for detecting cyber threats. While most NIDS studies focus on improving classification/detection accuracy by proposing new AI/ML models, every model produces a share of false positive alerts in the field, and very few studies discuss a methodology for handling them. Given a busy network, handling the volume of false positive alerts becomes a time-consuming task for security personnel. For this reason, automating false positive alert filtering is an important issue. In this paper, we propose a scheme that automates false positive alert filtering by leveraging kernel density estimation. Regardless of the deployed NIDS, our proposed scheme can assist security personnel in the alert verification task. Our experiments show that our proposed scheme performs 34% to 62% better (in terms of error ratio) than other algorithms. Our proposed scheme also reduces the time spent on the alert verification process by 75%.
