Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems

Yu Wang, Weizhi Meng*, Wenjuan Li, Zhe Liu, Yang Liu, Hanxiao Xue

*Corresponding author for this work

Research output: Contribution to journal › Journal article › Research › peer-review

Abstract

To protect assets and resources from being hacked, intrusion detection systems are widely implemented in organizations around the world. However, false alarms are one challenging issue for such systems, which can significantly degrade the effectiveness of detection and greatly increase the burden of analysis. To solve this problem, building an intelligent false alarm filter using machine learning classifiers is considered one promising solution, where an appropriate algorithm can be selected in an adaptive way in order to maintain the filtration accuracy. By means of cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, although this could cause communication delay and add extra burden. In this work, motivated by the advent of edge computing, we propose a framework to improve the intelligent false alarm reduction for DIDS based on edge computing devices. Our framework can provide energy efficiency as the data can be processed at the edge for shorter response time. The evaluation results demonstrate that our framework can help reduce the workload for the central server and the delay compared with similar studies.

Original language: English
Article number: e5101
Journal: Concurrency and Computation: Practice & Experience
Volume: 31
Issue number: 19
Number of pages: 12
ISSN: 1532-0626
DOI: 10.1002/cpe.5101
Publication status: Published - 2019

Keywords

  • Distributed system
  • Edge computing
  • Intelligent false alarm filter
  • Intrusion detection
  • Machine learning

Cite this

@article{7993978f653643ba990baa1cf77270ce,
  title = "Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems",
  abstract = "To protect assets and resources from being hacked, intrusion detection systems are widely implemented in organizations around the world. However, false alarms are one challenging issue for such systems, which can significantly degrade the effectiveness of detection and greatly increase the burden of analysis. To solve this problem, building an intelligent false alarm filter using machine learning classifiers is considered one promising solution, where an appropriate algorithm can be selected in an adaptive way in order to maintain the filtration accuracy. By means of cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, although this could cause communication delay and add extra burden. In this work, motivated by the advent of edge computing, we propose a framework to improve the intelligent false alarm reduction for DIDS based on edge computing devices. Our framework can provide energy efficiency as the data can be processed at the edge for shorter response time. The evaluation results demonstrate that our framework can help reduce the workload for the central server and the delay compared with similar studies.",
  keywords = "Distributed system, Edge computing, Intelligent false alarm filter, Intrusion detection, Machine learning",
  author = "Yu Wang and Weizhi Meng and Wenjuan Li and Zhe Liu and Yang Liu and Hanxiao Xue",
  year = "2019",
  doi = "10.1002/cpe.5101",
  language = "English",
  volume = "31",
  journal = "Concurrency and Computation: Practice & Experience",
  issn = "1532-0626",
  publisher = "John Wiley & Sons Ltd",
  number = "19",
}

Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems. / Wang, Yu; Meng, Weizhi; Li, Wenjuan; Liu, Zhe; Liu, Yang; Xue, Hanxiao.

In: Concurrency and Computation: Practice & Experience, Vol. 31, No. 19, e5101, 2019.


TY  - JOUR
T1  - Adaptive machine learning-based alarm reduction via edge computing for distributed intrusion detection systems
AU  - Wang, Yu
AU  - Meng, Weizhi
AU  - Li, Wenjuan
AU  - Liu, Zhe
AU  - Liu, Yang
AU  - Xue, Hanxiao
PY  - 2019
Y1  - 2019
N2  - To protect assets and resources from being hacked, intrusion detection systems are widely implemented in organizations around the world. However, false alarms are one challenging issue for such systems, which can significantly degrade the effectiveness of detection and greatly increase the burden of analysis. To solve this problem, building an intelligent false alarm filter using machine learning classifiers is considered one promising solution, where an appropriate algorithm can be selected in an adaptive way in order to maintain the filtration accuracy. By means of cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, although this could cause communication delay and add extra burden. In this work, motivated by the advent of edge computing, we propose a framework to improve the intelligent false alarm reduction for DIDS based on edge computing devices. Our framework can provide energy efficiency as the data can be processed at the edge for shorter response time. The evaluation results demonstrate that our framework can help reduce the workload for the central server and the delay compared with similar studies.
AB  - To protect assets and resources from being hacked, intrusion detection systems are widely implemented in organizations around the world. However, false alarms are one challenging issue for such systems, which can significantly degrade the effectiveness of detection and greatly increase the burden of analysis. To solve this problem, building an intelligent false alarm filter using machine learning classifiers is considered one promising solution, where an appropriate algorithm can be selected in an adaptive way in order to maintain the filtration accuracy. By means of cloud computing, the task of adaptive algorithm selection can be offloaded to the cloud, although this could cause communication delay and add extra burden. In this work, motivated by the advent of edge computing, we propose a framework to improve the intelligent false alarm reduction for DIDS based on edge computing devices. Our framework can provide energy efficiency as the data can be processed at the edge for shorter response time. The evaluation results demonstrate that our framework can help reduce the workload for the central server and the delay compared with similar studies.
KW  - Distributed system
KW  - Edge computing
KW  - Intelligent false alarm filter
KW  - Intrusion detection
KW  - Machine learning
U2  - 10.1002/cpe.5101
DO  - 10.1002/cpe.5101
M3  - Journal article
VL  - 31
JO  - Concurrency and Computation: Practice & Experience
JF  - Concurrency and Computation: Practice & Experience
SN  - 1532-0626
IS  - 19
M1  - e5101
ER  -