Intelligent alarm filter using knowledge-based alert verification in network intrusion detection

Network intrusions have become a big challenge to current network environment. Thus, network intrusion detection systems (NIDSs) are being widely deployed in various networks aiming to detect different kinds of network attacks (e.g., Trojan, worms). However, in real settings, a large number of alarms can be generated during the detection procedure, which greatly decrease the effectiveness of these intrusion detection systems. To mitigate this problem, we advocate that constructing an alarm filter is a promising solution. In this paper, we design and develop an intelligent alarm filter to help filter out NIDS alarms by means of knowledge-based alert verification. In particular, our proposed method of knowledge-based alert verification employs a rating mechanism in terms of expert knowledge to classify incoming NIDS alarms. We implemented and evaluated this intelligent knowledge-based alarm filter in a network environment. The experimental results show that the developed alarm filter can accurately filter out a number of NIDS alarms and achieve a better outcome. Copyright © 2012 Springer-Verlag Berlin Heidelberg.