Enhancing Intrusion Detection Systems Using Intelligent False Alarm Filter

Author: 
Meng, Yuxin
Place: 
Hershey
Publisher: 
IGI Global
Date published: 
2013
Responsibility: 
Kwok, Lam-For, jt.author
Editor: 
Ruiz-Martinez, Antonio
Journal Title: 
Architectures and Protocols for Secure Information Technology Infrastructures
Source: 
Architectures and Protocols for Secure Information Technology Infrastructures
Abstract: 

Intrusion Detection Systems (IDSs) have been widely implemented in various network environments as an essential component for current Information and Communications Technologies (ICT). However, false alarms are a big problem for these systems, in which a large number of IDS alarms, especially false positives, could be generated during their detection. This issue greatly decreases the effectiveness and the efficiency of an IDS and heavily increases the burden on analyzing real alarms. To mitigate this problem, in this chapter, the authors identify and analyze the reasons for causing this problem, present a survey through reviewing some related work in the aspect of false alarm reduction, and introduce a promising solution of constructing an intelligent false alarm filter to refine false alarms for an IDS.

Series: 
Advances in Information Security, Privacy, and Ethics

CITATION: Meng, Yuxin. Enhancing Intrusion Detection Systems Using Intelligent False Alarm Filter edited by Ruiz-Martinez, Antonio. Hershey: IGI Global, 2013. Architectures and Protocols for Secure Information Technology Infrastructures - Available at: https://library.au.int/enhancing-intrusion-detection-systems-using-intelligent-false-alarm-filter