Reducing False Negatives in Intelligent Intrusion Detection Decision Response System
As soon as the Intrusion Detection System (IDS) detects any suspicious or malicious activity, it will generate alarms. Unfortunately, the triggered alarms usually are accompanied with huge number of false alarms (false-positives and false-negatives) which is the key performance parameters of the IDS. The risk of false-negatives is higher than false-positives. In our previous paper, we proposed a novel intelligent intrusion detection, decision, response system (I2D2RS) with fuzzy theory, which use the two essential information times and time, of the failed login to decide automatically the attacker like an experienced system/security administrator. Though the system can reduce the false alarms perfectly, the capability of processing simultaneous multi-point attack is relatively weak, and then false-negatives will be occurred. In this paper, we employ a preprocessing module to collect the failed login information before data processing. The proposed approach changes the processing procedure from serial to parallel processing, thus eliminates the false-negatives. The efficiency of these improvements was confirmed with the experiments.
H. M. Kai et al., "Reducing False Negatives in Intelligent Intrusion Detection Decision Response System", Applied Mechanics and Materials, Vols. 128-129, pp. 676-681, 2012