False Alert Detection Based on Deep Learning and Machine Learning
Shudong Li, Danyi Qin, Xiaobo Wu, Juan Li, Baohui Li, Weihong Han
International Journal on Semantic Web and Information Systems, 23(1), pp. 1-21, published 2022-01-01. DOI: 10.4018/ijswis.297035 (https://doi.org/10.4018/ijswis.297035)
Citations: 19
Abstract
Among the large number of network attack alerts generated every day, genuine security incidents are usually buried under a mass of redundant alerts. How to remove these redundant alerts in real time and improve alert quality is therefore an urgent problem in large-scale network security protection. This paper combines machine learning and deep learning to improve false-alarm detection and thereby identify real alarms more accurately: during model training, the output of a hidden layer of the DNN model is used as the input feature vector for training the machine learning model. To verify the proposed method, we run classification experiments on labelled alert data and evaluate the model using accuracy, recall, precision, and F1 score. Good results have been obtained.
Journal description:
The International Journal on Semantic Web and Information Systems (IJSWIS) promotes a knowledge transfer channel where academics, practitioners, and researchers can discuss, analyze, criticize, synthesize, communicate, elaborate, and simplify the more-than-promising technology of the semantic Web in the context of information systems. The journal aims to establish value-adding knowledge transfer and personal development channels in three distinctive areas: academia, industry, and government.