A case study: Intelligent false alarm reduction using fuzzy if-then rules in network intrusion detection

Nowadays, network intrusion detection systems (NIDSs) have become an essential part for the network security infrastructure. However, the large number of false alarms is a big problem for these detection systems which greatly reduces their effectiveness and efficiency. To mitigate this problem, we have developed an intelligent false alarm filter to help filter out false alarms by adaptively and periodically selecting the most appropriate machine learning algorithms (e.g., support vector machine, decision tree, k-nearest neighbor) that conduct the best single-algorithm performance. Therefore, our intelligent false alarm filter can keep reducing the number of false alarms at a high and stable level. In this paper, we aim to conduct a case study in exploring the performance of our developed false alarm filter by implementing a fuzzy classifier based on if-then rules. By comparing with other algorithms that have been implemented in our false alarm filter, the experimental results show that the if-then rules based fuzzy algorithm performs a bit better than the baseline algorithm and can be improved by selecting an appropriate fuzzy partition.