Title :
Measuring intelligent false alarm reduction using an ROC curve-based approach in network intrusion detection
Author_Institution :
Dept. of Comput. Sci., City Univ. of Hong Kong, Hong Kong, China
Abstract :
Currently, network intrusion detection systems (NIDSs) are widely deployed in various network environments to defend against network attacks. However, these systems can generate a large number of alarms, especially false alarms, during detection, which is a major problem that decreases the effectiveness and efficiency of their detection. To mitigate this issue, we have developed an intelligent false alarm filter that filters out false alarms by periodically selecting, from an algorithm pool, the machine learning algorithm that achieves the best performance. To evaluate the best single-algorithm performance among several machine learning schemes, we utilized two measures (e.g., classification accuracy, precision of false alarm) to determine the best algorithm. In this paper, we mainly study the application of an ROC curve-based approach with cost analysis in our intelligent filter to further improve the decision quality. The experimental results show that by incorporating our defined ROC curve-based measure, namely relative expected cost, our filter can achieve a better outcome in terms of cost.
Keywords :
alarm systems; computer network security; information filtering; learning (artificial intelligence); performance evaluation; NIDS; ROC curve-based measure; cost analysis; decision quality; intelligent false alarm filter; intelligent false alarm reduction; machine learning algorithm; network attacks; network environment; network intrusion detection system; single-algorithm performance evaluation; Algorithm design and analysis; Equations; Intrusion detection; Machine learning; Machine learning algorithms; Mathematical model; Support vector machines; Computational Intelligence; False Alarm Reduction; Intelligent Decision Support and Control Systems; Intrusion detection; Performance Measurement;
Conference_Title :
Computational Intelligence for Measurement Systems and Applications (CIMSA), 2012 IEEE International Conference on
Conference_Location :
Tianjin
Print_ISBN :
978-1-4577-1778-9
DOI :
10.1109/CIMSA.2012.6269608