• DocumentCode
    3781563
  • Title

    Adaptive SVDD-based learning for false alarm reduction in intrusion detection

  • Author

    Tayeb Kenaza;Abdenour Labed;Yacine Boulahia;Mohcen Sebehi

  • Author_Institution
    Ecole Militaire Polytechnique, BP-17, Bordj El-Bahri, 16111, Alger, Algerie
  • Volume
    4
  • fYear
    2015
  • fDate
    7/1/2015 12:00:00 AM
  • Firstpage
    405
  • Lastpage
    412
  • Abstract
    During the last decade, support vector data description (SVDD) has been used by researchers to develop anomaly-based intrusion detection systems (IDS), with the ultimate objective of designing new, efficient IDS that achieve higher detection rates together with lower rates of false alerts. However, most of these systems are generally evaluated over a short period without considering the dynamic aspect of the monitored environment. They are never tested for their long-term behavior, namely after a long period of deployment. In this paper, we propose an adaptive SVDD-based learning approach that aims at continuously enhancing the performance of the SVDD classifier by refining the training dataset. In this approach, an expert periodically evaluates the classifier, and feedback in terms of false positives and confirmed attacks is used to update the training dataset. Experiments using both a refined training dataset and a compromised dataset (a dataset with mislabeling) have shown promising results.
  • Keywords
    "Training","Intrusion detection","Support vector machines","Computer crime","Benchmark testing","Monitoring"
  • Publisher
    ieee
  • Conference_Titel
    e-Business and Telecommunications (ICETE), 2015 12th International Joint Conference on
  • Type

    conf

  • Filename
    7518064