DocumentCode :
2308728
Title :
Reducing false positives through fuzzy alert correlation in collaborative intelligent intrusion detection systems — A review
Author :
Elshoush, Huwaida Tagelsir ; Osman, Izzeldin Mohamed
Author_Institution :
Dept. of Comput. Sci., Univ. of Khartoum, Khartoum, Sudan
fYear :
2010
fDate :
18-23 July 2010
Firstpage :
1
Lastpage :
8
Abstract :
As complete prevention of computer attacks is not possible, intrusion detection systems (IDS) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: namely misuse- and anomaly-based. A collaborative intelligent intrusion detection system (CIIDS) is proposed to include both methods, since it is concluded from recent research that the performance of an individual detection engine is rarely satisfactory. In particular, two main challenges in current collaborative intrusion detection systems (CIDSs) research are highlighted and reviewed: CIDS architectures and alert correlation algorithms. The focus will be on correlation of CIIDS alerts. At the end of the review, the paper suggests fuzzy logic and other AI techniques to be exploited to reduce the rate of false alarms while keeping the detection rate high. In conclusion, the paper highlights opportunities for an integrated solution to large-scale CIIDS.
Keywords :
security of data; collaborative intelligent intrusion detection system; computer attacks; false positives; fuzzy alert correlation; fuzzy logic; Artificial intelligence; Collaboration; Correlation; Detectors; Intrusion detection; Protocols;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Fuzzy Systems (FUZZ), 2010 IEEE International Conference on
Conference_Location :
Barcelona
ISSN :
1098-7584
Print_ISBN :
978-1-4244-6919-2
Type :
conf
DOI :
10.1109/FUZZY.2010.5584418
Filename :
5584418
Link To Document :