A method of eliminating false alarm based on deep learning

Abstract

Alarm data in intrusion detection system is mixed with a large amount of false alarm data, which brings great interference for network managers to analyze attack behavior. For a large deal of false alarm data in intrusion detection, this paper proposed an DBN construction method based on genetic operator improving the particle swarm, and used this DBN as a false alarm elimination classifier in IDS, firstly, using the improved particle swarm algorithm to search for the candidate network structure of DBN based on the fitness evaluation criteria, considering the candidate network structure with the optimal fitness as the final DBN network structure, secondly, using this DBN for false alarm elimination in intrusion detection. The experimental results showed that the average elimination rate of the proposed method is 5.54% and 2.9% higher than that of the SOM and KNN algorithms respectively, and the average misuse rate is 3.99% and 1.22% lower than that of the SOM and KNN algorithms respectively.