MPhil Thesis Defence

"A Learning-based Approach to False Alarm Reduction for Signature-based Intrusion Detection Systems"

By Mr. Chun Hom Cheung

Abstract

Intrusion detection has become an important approach to computer and network security. However, existing intrusion detection systems usually generate too many alarm messages, most of which are in fact false alarms. This problem has hindered the usefulness of intrusion detection systems in practice. In this thesis, we propose a learning-based approach to the substantial reduction of false alarms while minimizing the effect on the true alarms generated. Specifically, we have studied the problem under the inductive learning, transductive learning, and active learning settings. With only limited intrusion data available and significant differences between the training and test data, we have found that neither inductive learning nor transductive learning can give satisfactory results. We then move on to formulate the problem under the active learning setting, where a small amount of test data is manually labeled by human experts. Using a data set from the DARPA99 intrusion detection system contest for our experiments, we have obtained very satisfactory results. In particular, by labeling only one to two percent of the test data manually, we can reduce the false alarm rate by about 30 times. We believe this pilot study justifies a new direction in intrusion detection research.

Date: Wednesday, 4 February 2004
Time: 2:00p.m.-4:00p.m.
Venue: Room 2404 (Lifts 17-18)

Committee Members:
Prof. Dit-Yan Yeung (Supervisor)
Prof. Qiang Yang (Chairman)
Prof. Shing-Chi Cheung

**** ALL are Welcome ****
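The active-learning workflow the abstract describes, reconstructed as a toy added example (not the thesis's code, data or classifier): alarms are constructed 2-D feature vectors, the test set contains a benign cluster absent from training, the "expert" labels are simulated from the constructed ground truth, and a 1-NN margin picks which 2% of the test alarms to ask about.

```python
"""Toy active-learning alarm filter in the spirit of the abstract (added example, not thesis code)."""
import random
from math import dist

def make_alarms(rng, n, centre, label, spread=0.6):
    """Constructed alarms: 2-D feature vectors scattered around a cluster centre (1 = true alarm)."""
    return [((rng.gauss(centre[0], spread), rng.gauss(centre[1], spread)), label)
            for _ in range(n)]

def nearest(x, pool):
    """Distance from x to the closest labeled true alarm and to the closest labeled false alarm."""
    d_true = min(dist(x, p) for p, y in pool if y == 1)
    d_false = min(dist(x, p) for p, y in pool if y == 0)
    return d_true, d_false

def active_filter(train, test, budget_frac):
    """Label the most uncertain test alarms (smallest 1-NN margin), then classify the rest."""
    pool = list(train)                      # labeled alarms the 1-NN rule may use
    unlabeled = list(range(len(test)))
    budget = round(budget_frac * len(test))
    preds = {}
    for _ in range(budget):
        def margin(j):                      # least confident = closest to the 1-NN boundary
            d_true, d_false = nearest(test[j][0], pool)
            return abs(d_true - d_false)
        i = min(unlabeled, key=margin)
        unlabeled.remove(i)
        pool.append(test[i])                # simulated expert label (constructed ground truth)
        preds[i] = test[i][1]
    for j in unlabeled:
        d_true, d_false = nearest(test[j][0], pool)
        preds[j] = 1 if d_true < d_false else 0
    return preds, budget

def rates(test, preds):
    """Fraction of false alarms still raised, and fraction of true alarms kept."""
    false_idx = [j for j, (_, y) in enumerate(test) if y == 0]
    true_idx = [j for j, (_, y) in enumerate(test) if y == 1]
    return (sum(preds[j] for j in false_idx) / len(false_idx),
            sum(preds[j] for j in true_idx) / len(true_idx))

def run(seed=7):
    """No expert labels versus a 2% labeling budget; the test set has a benign cluster unseen in training."""
    rng = random.Random(seed)
    train = make_alarms(rng, 40, (8, 7), 1) + make_alarms(rng, 40, (1, 1), 0)
    test = (make_alarms(rng, 50, (8, 7), 1) + make_alarms(rng, 50, (1, 1), 0)
            + make_alarms(rng, 100, (8, 3.5), 0))   # new benign source, close to the true-alarm cluster
    baseline, _ = active_filter(train, test, 0.0)
    active, queries = active_filter(train, test, 0.02)
    return rates(test, baseline), rates(test, active), queries
```

`run()` returns the (false-alarm rate, true-alarm retention) pair without expert labels and with the 2% budget, plus the number of queries spent; the shifted benign cluster is what makes the training-only rule fail, mirroring the train/test mismatch the abstract reports.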