Improving the effectiveness of intrusion detection systems for hierarchical data

Ran Yahalom, Alon Steren, Yonatan Nameri, Maxim Roytman, Angel Porgador, Yuval Elovici

Knowledge-Based Systems 168, 59-69, 2019

A high false alarm rate is a serious concern for anomaly-based, on-line, high-throughput intrusion detection systems (IDSs), often rendering these IDSs impractical for use in real-world systems. The usual approach to this problem is to try to decrease or limit the false alarm rate. However, IDSs that adopt this approach are usually attack- or algorithm-specific and are not considered generally applicable. In this paper, we propose a general method for lowering the false positive rate (FPR) of any existing state-of-the-art anomaly-based IDS for hierarchical data, while minimizing the potential decrease in the detection rate. This is done by automatically learning the underlying hierarchy of sub-classes from a dataset of normal instances and iteratively applying the IDS to each sub-class. Compared to previous work, our method is more practical because it does not require users to possess any knowledge about the data's …
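The abstract's core idea, a base anomaly detector refitted once per learned sub-class instead of once over all normal data, can be illustrated with a small simulation. The code below is an added example written for this page, not the authors' implementation: the paper's actual hierarchy-learning procedure and base IDS are not described here, so the example assumes that each record carries a categorical path (host role, then service) from which sub-classes are read off as path prefixes, uses a deliberately simple z-score detector as a stand-in for "any existing IDS", and adds a minimum-sample fallback to the parent sub-class (an assumption, not something the abstract states). All traffic figures are constructed. The "global" detector (max_depth=0) plays the role of the conventional single-model IDS.

```python
"""Per-sub-class anomaly detection on hierarchical data (illustrative, not the paper's code)."""
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed normal traffic: (path, response_bytes), path = (role, service).
NORMAL_TRAIN = [
    (("server", "dns"), 40), (("server", "dns"), 50), (("server", "dns"), 60),
    (("server", "dns"), 50), (("server", "dns"), 40), (("server", "dns"), 60),
    (("server", "web"), 10000), (("server", "web"), 12000), (("server", "web"), 14000),
    (("server", "web"), 12000), (("server", "web"), 10000), (("server", "web"), 14000),
    (("appliance", "ntp"), 76), (("appliance", "ntp"), 76),  # rare sub-class: 2 samples
]
NORMAL_TEST = [  # constructed held-out normal records
    (("server", "dns"), 45), (("server", "dns"), 55), (("server", "dns"), 48),
    (("server", "web"), 11000), (("server", "web"), 13000), (("server", "web"), 12500),
    (("appliance", "ntp"), 80),
]
ANOMALIES = [  # constructed: oversized DNS answers and an oversized web reply
    (("server", "dns"), 5000), (("server", "dns"), 1200), (("server", "web"), 20000),
]


def zscore(model, x):
    """Anomaly score of x under a (mean, std) model; +inf when the model has no spread."""
    mu, sigma = model
    if sigma > 0:
        return abs(x - mu) / sigma
    return 0.0 if x == mu else math.inf


class HierarchicalDetector:
    """Fit one base detector per sub-class (every prefix of a record's path, root included).

    A record is scored by the deepest sub-class that had at least min_samples normal
    records; smaller sub-classes fall back to their parent, ultimately the global root.
    max_depth=0 trains only the root model, i.e. the conventional single-model IDS.
    """

    def __init__(self, k=3.0, min_samples=4, max_depth=None):
        self.k, self.min_samples, self.max_depth = k, min_samples, max_depth
        self.models = {}

    def fit(self, normal):
        groups = defaultdict(list)
        for path, x in normal:
            depth = len(path) if self.max_depth is None else min(len(path), self.max_depth)
            for d in range(depth + 1):          # learn the sub-class hierarchy from normal data
                groups[path[:d]].append(x)
        self.models = {p: (mean(v), pstdev(v))
                       for p, v in groups.items() if len(v) >= self.min_samples}
        assert () in self.models, "root model needs at least min_samples normal records"
        return self

    def resolve(self, path):
        """Deepest sub-class on the path that has a trained model (root always does)."""
        for d in range(len(path), -1, -1):
            if path[:d] in self.models:
                return path[:d]
        return ()

    def score(self, path, x):
        return zscore(self.models[self.resolve(path)], x)

    def is_alert(self, path, x):
        return self.score(path, x) > self.k


def evaluate(det, normals, anomalies):
    """Return (false positive rate on normals, detection rate on anomalies)."""
    fpr = sum(det.is_alert(p, x) for p, x in normals) / len(normals)
    dr = sum(det.is_alert(p, x) for p, x in anomalies) / len(anomalies)
    return fpr, dr


def fpr_at_full_detection(det, normals, anomalies):
    """FPR if the threshold were lowered just enough to flag every anomaly."""
    k_needed = min(det.score(p, x) for p, x in anomalies)
    return sum(det.score(p, x) >= k_needed for p, x in normals) / len(normals)


if __name__ == "__main__":
    single = HierarchicalDetector(max_depth=0).fit(NORMAL_TRAIN)
    per_subclass = HierarchicalDetector().fit(NORMAL_TRAIN)
    for name, det in (("global", single), ("per-sub-class", per_subclass)):
        fpr, dr = evaluate(det, NORMAL_TEST, ANOMALIES)
        print(f"{name:14s} FPR={fpr:.2f} DR={dr:.2f} "
              f"FPR at full detection={fpr_at_full_detection(det, NORMAL_TEST, ANOMALIES):.2f}")
```

With the constructed data the global model's normal profile is a mixture of DNS-sized and web-sized responses, so its threshold is wide enough that none of the anomalies stands out, and lowering the threshold until they do flags every normal record. The per-sub-class models catch all three anomalies with no false positives. Refitting with min_samples=1 shows why the fallback is needed: the two identical NTP samples yield a zero-variance model that alerts on any NTP record, a false positive the parent model avoids.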