Adaptive machine learning‐based alarm reduction via edge computing for distributed intrusion detection systems


Bibliographic details
Published in: Concurrency and computation, Volume 31; Issue 19
Main authors: Wang, Yu, Meng, Weizhi, Li, Wenjuan, Liu, Zhe, Liu, Yang, Xue, Hanxiao
Format: Journal Article
Language: English
Publication details: Hoboken Wiley Subscription Services, Inc 10.10.2019
ISSN:1532-0626, 1532-0634
Description
Summary: To protect assets and resources from being hacked, intrusion detection systems are widely implemented in organizations around the world. However, false alarms are one challenging issue for such systems, which would significantly degrade the effectiveness of detection and greatly increase the burden of analysis. To solve this problem, building an intelligent false alarm filter using machine learning classifiers is considered as one promising solution, where an appropriate algorithm can be selected in an adaptive way in order to maintain the filtration accuracy. By means of cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, whereas it could cause communication delay and increase additional burden. In this work, motivated by the advent of edge computing, we propose a framework to improve the intelligent false alarm reduction for DIDS based on edge computing devices. Our framework can provide energy efficiency as the data can be processed at the edge for shorter response time. The evaluation results demonstrate that our framework can help reduce the workload for the central server and the delay as compared to the similar studies.
DOI:10.1002/cpe.5101