Semi-supervised learning for false alarm reduction

Chien Yi Chiu; Yuh-Jye Lee; Chien Chung Chang; Wen Yang Luo; Hsiu Chuan Huang

doi:10.1007/978-3-642-14400-4_46

Semi-supervised learning for false alarm reduction

Chien Yi Chiu^*, Yuh-Jye Lee, Chien Chung Chang, Wen Yang Luo, Hsiu Chuan Huang

^*Corresponding author for this work

Department of Applied Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

36 Scopus citations

Abstract

Intrusion Detection Systems (IDSs) which have been deployed in computer networks to detect a wide variety of attacks are suffering how to manage of a large number of triggered alerts. Thus, reducing false alarms efficiently has become the most important issue in IDS. In this paper, we introduce the semi-supervised learning mechanism to build an alert filter, which will reduce up to 85% false alarms and still keep a high detection rate. In our semi-supervised learning approach, we only need a very small amount of label information. This will save a huge security officer's effort and make the alert filter be more practical for the real systems. Numerical comparison with conventional supervised learning approach with the same small portion labeled data, our method has significantly superior detection rate as well as in the false alarm reduction rate.

Original language	English
Title of host publication	Advances in Data Mining
Subtitle of host publication	Applications and Theoretical Aspects - 10th Industrial Conference, ICDM 2010, Proceedings
Pages	595-605
Number of pages	11
DOIs	https://doi.org/10.1007/978-3-642-14400-4_46
State	Published - 2010
Event	10th Industrial Conference on Advances in Data Mining, ICDM 2010 - Berlin, Germany Duration: 12 Jul 2010 → 14 Jul 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6171 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	10th Industrial Conference on Advances in Data Mining, ICDM 2010
Country/Territory	Germany
City	Berlin
Period	12/07/10 → 14/07/10

Keywords

False Alarm Reduction
Intrusion Detection
Machine Learning
Semi-Supervised Learning

Access to Document

10.1007/978-3-642-14400-4_46

Cite this

Chiu, C. Y., Lee, Y.-J., Chang, C. C., Luo, W. Y., & Huang, H. C. (2010). Semi-supervised learning for false alarm reduction. In Advances in Data Mining: Applications and Theoretical Aspects - 10th Industrial Conference, ICDM 2010, Proceedings (pp. 595-605). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6171 LNAI). https://doi.org/10.1007/978-3-642-14400-4_46

Chiu, Chien Yi ; Lee, Yuh-Jye ; Chang, Chien Chung et al. / Semi-supervised learning for false alarm reduction. Advances in Data Mining: Applications and Theoretical Aspects - 10th Industrial Conference, ICDM 2010, Proceedings. 2010. pp. 595-605 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0d169dad9db7411aaa95af735f6767d8,

title = "Semi-supervised learning for false alarm reduction",

abstract = "Intrusion Detection Systems (IDSs) which have been deployed in computer networks to detect a wide variety of attacks are suffering how to manage of a large number of triggered alerts. Thus, reducing false alarms efficiently has become the most important issue in IDS. In this paper, we introduce the semi-supervised learning mechanism to build an alert filter, which will reduce up to 85% false alarms and still keep a high detection rate. In our semi-supervised learning approach, we only need a very small amount of label information. This will save a huge security officer's effort and make the alert filter be more practical for the real systems. Numerical comparison with conventional supervised learning approach with the same small portion labeled data, our method has significantly superior detection rate as well as in the false alarm reduction rate.",

keywords = "False Alarm Reduction, Intrusion Detection, Machine Learning, Semi-Supervised Learning",

author = "Chiu, {Chien Yi} and Yuh-Jye Lee and Chang, {Chien Chung} and Luo, {Wen Yang} and Huang, {Hsiu Chuan}",

year = "2010",

doi = "10.1007/978-3-642-14400-4_46",

language = "English",

isbn = "3642143997",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "595--605",

booktitle = "Advances in Data Mining",

note = "10th Industrial Conference on Advances in Data Mining, ICDM 2010 ; Conference date: 12-07-2010 Through 14-07-2010",

}

Chiu, CY, Lee, Y-J, Chang, CC, Luo, WY & Huang, HC 2010, Semi-supervised learning for false alarm reduction. in Advances in Data Mining: Applications and Theoretical Aspects - 10th Industrial Conference, ICDM 2010, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6171 LNAI, pp. 595-605, 10th Industrial Conference on Advances in Data Mining, ICDM 2010, Berlin, Germany, 12/07/10. https://doi.org/10.1007/978-3-642-14400-4_46

Semi-supervised learning for false alarm reduction. / Chiu, Chien Yi; Lee, Yuh-Jye; Chang, Chien Chung et al.
Advances in Data Mining: Applications and Theoretical Aspects - 10th Industrial Conference, ICDM 2010, Proceedings. 2010. p. 595-605 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6171 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Semi-supervised learning for false alarm reduction

AU - Chiu, Chien Yi

AU - Lee, Yuh-Jye

AU - Chang, Chien Chung

AU - Luo, Wen Yang

AU - Huang, Hsiu Chuan

PY - 2010

Y1 - 2010

N2 - Intrusion Detection Systems (IDSs) which have been deployed in computer networks to detect a wide variety of attacks are suffering how to manage of a large number of triggered alerts. Thus, reducing false alarms efficiently has become the most important issue in IDS. In this paper, we introduce the semi-supervised learning mechanism to build an alert filter, which will reduce up to 85% false alarms and still keep a high detection rate. In our semi-supervised learning approach, we only need a very small amount of label information. This will save a huge security officer's effort and make the alert filter be more practical for the real systems. Numerical comparison with conventional supervised learning approach with the same small portion labeled data, our method has significantly superior detection rate as well as in the false alarm reduction rate.

AB - Intrusion Detection Systems (IDSs) which have been deployed in computer networks to detect a wide variety of attacks are suffering how to manage of a large number of triggered alerts. Thus, reducing false alarms efficiently has become the most important issue in IDS. In this paper, we introduce the semi-supervised learning mechanism to build an alert filter, which will reduce up to 85% false alarms and still keep a high detection rate. In our semi-supervised learning approach, we only need a very small amount of label information. This will save a huge security officer's effort and make the alert filter be more practical for the real systems. Numerical comparison with conventional supervised learning approach with the same small portion labeled data, our method has significantly superior detection rate as well as in the false alarm reduction rate.

KW - False Alarm Reduction

KW - Intrusion Detection

KW - Machine Learning

KW - Semi-Supervised Learning

UR - http://www.scopus.com/inward/record.url?scp=77954866456&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-14400-4_46

DO - 10.1007/978-3-642-14400-4_46

M3 - Conference contribution

AN - SCOPUS:77954866456

SN - 3642143997

SN - 9783642143991

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 595

EP - 605

BT - Advances in Data Mining

T2 - 10th Industrial Conference on Advances in Data Mining, ICDM 2010

Y2 - 12 July 2010 through 14 July 2010

ER -

Chiu CY, Lee YJ, Chang CC, Luo WY, Huang HC. Semi-supervised learning for false alarm reduction. In Advances in Data Mining: Applications and Theoretical Aspects - 10th Industrial Conference, ICDM 2010, Proceedings. 2010. p. 595-605. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-14400-4_46

Semi-supervised learning for false alarm reduction

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this