Title :
A Real Time Adaptive Intrusion Detection Alert Classifier for High Speed Networks
Author :
Sallay, Hassen ; Ammar, Achraf ; Ben Saad, Montassar ; Bourouis, Sami
Author_Institution :
Al Imam Mohammad Ibn Saud Islamic Univ. (IMSIU), Riyadh, Saudi Arabia
Abstract :
With the emergence of High Speed Networks (HSN), manual intrusion alert detection has become an extremely laborious and time-consuming task, since it requires experienced staff skilled in security and needs deep analysis. In addition, the batch model of alert management is no longer adequate, because labeling is a continuous-time process: incoming intrusion alerts are often collected continuously over time. Furthermore, the static model is no longer appropriate, because the number of alerts fluctuates with Internet traffic. This paper proposes an efficient real-time adaptive intrusion detection alert classifier dedicated to high speed networks. Our classifier is based on an online self-trained SVM algorithm with several learning strategies and execution modes. We evaluate our classifier against three different data sets, and the performance study shows excellent results in terms of accuracy and efficiency. The predictive local learning strategy presents a good tradeoff between accuracy and processing time. In addition, it does not involve human intervention, which makes it an excellent solution that satisfies the challenges of high speed network alert management.
Keywords :
Internet; computer network security; learning (artificial intelligence); pattern classification; real-time systems; support vector machines; telecommunication traffic; HSN; Internet traffic fluctuation; batch model; continuous time process; execution modes; high speed network alert management; online self-trained SVM algorithm; predictive local learning strategy; real time adaptive intrusion detection alert classifier; Accuracy; High-speed networks; Intrusion detection; Measurement; Real-time systems; Support vector machines; Testing; Alert classification; High speed network; Intrusion detection; Online and self-training learning; SVM;
Conference_Title :
Network Computing and Applications (NCA), 2013 12th IEEE International Symposium on
Conference_Location :
Cambridge, MA
Print_ISBN :
978-0-7695-5043-5
DOI :
10.1109/NCA.2013.16