Statistical Considerations in Designing Tests of Mine Detection Systems: II - Measures Related to the False Alarm Rate

10.2172/1032 ◽  
1998 ◽  
Author(s):  
K.M. Simonson
Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1375
Author(s):  
Celestine Iwendi ◽  
Joseph Henry Anajemba ◽  
Cresantus Biamba ◽  
Desire Ngabo

Web security plays a very crucial role in the Security of Things (SoT) paradigm for smart healthcare and will continue to be impactful in medical infrastructures in the near future. This paper addressed a key component of security-intrusion detection systems due to the number of web security attacks, which have increased dramatically in recent years in healthcare, as well as the privacy issues. Various intrusion-detection systems have been proposed in different works to detect cyber threats in smart healthcare and to identify network-based attacks and privacy violations. This study was carried out as a result of the limitations of the intrusion detection systems in responding to attacks and challenges and in implementing privacy control and attacks in the smart healthcare industry. The research proposed a machine learning support system that combined a Random Forest (RF) and a genetic algorithm: a feature optimization method that built new intrusion detection systems with a high detection rate and a more accurate false alarm rate. To optimize the functionality of our approach, a weighted genetic algorithm and RF were combined to generate the best subset of functionality that achieved a high detection rate and a low false alarm rate. This study used the NSL-KDD dataset to simultaneously classify RF, Naive Bayes (NB) and logistic regression classifiers for machine learning. The results confirmed the importance of optimizing functionality, which gave better results in terms of the false alarm rate, precision, detection rate, recall and F1 metrics. The combination of our genetic algorithm and RF models achieved a detection rate of 98.81% and a false alarm rate of 0.8%. This research raised awareness of privacy and authentication in the smart healthcare domain, wireless communications and privacy control and developed the necessary intelligent and efficient web system. 
Furthermore, the proposed algorithm was applied to examine the F1-score and precision performance as compared to the NSL-KDD and CSE-CIC-IDS2018 datasets using different scaling factors. The results showed that the proposed GA was greatly optimized, for which the average precision was optimized by 5.65% and the average F1-score by 8.2%.


Sensors ◽  
2020 ◽  
Vol 20 (9) ◽  
pp. 2559 ◽  
Author(s):  
Celestine Iwendi ◽  
Suleman Khan ◽  
Joseph Henry Anajemba ◽  
Mohit Mittal ◽  
Mamdouh Alenezi ◽  
...  

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing; besides, many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of a correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing CFS + Ensemble Classifiers (Bagging and Adaboost), which have high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for the NSLKDD dataset when working with 6 and 13 selected features.


2022 ◽  
Vol 12 (2) ◽  
pp. 852
Author(s):  
Jesús Díaz-Verdejo ◽  
Javier Muñoz-Calle ◽  
Antonio Estepa Alonso ◽  
Rafael Estepa Alonso ◽  
Germán Madinabeitia

Signature-based Intrusion Detection Systems (SIDS) play a crucial role within the arsenal of security components of most organizations. They can find traces of known attacks in the network traffic or host events for which patterns or signatures have been pre-established. SIDS include standard packages of detection rulesets, but only those rules suited to the operational environment should be activated for optimal performance. However, some organizations might skip this tuning process and instead activate default off-the-shelf rulesets without understanding its implications and trade-offs. In this work, we help gain insight into the consequences of using predefined rulesets in the performance of SIDS. We experimentally explore the performance of three SIDS in the context of web attacks. In particular, we gauge the detection rate obtained with predefined subsets of rules for Snort, ModSecurity and Nemesida using seven attack datasets. We also determine the precision and rate of alert generated by each detector in a real-life case using a large trace from a public webserver. Results show that the maximum detection rate achieved by the SIDS under test is insufficient to protect systems effectively and is lower than expected for known attacks. Our results also indicate that the choice of predefined settings activated on each detector strongly influences its detection capability and false alarm rate. Snort and ModSecurity scored either a very poor detection rate (activating the less-sensitive predefined ruleset) or a very poor precision (activating the full ruleset). We also found that using various SIDS for a cooperative decision can improve the precision or the detection rate, but not both. Consequently, it is necessary to reflect upon the role of these open-source SIDS with default configurations as core elements for protection in the context of web attacks. 
Finally, we provide an efficient method for systematically determining which rules to deactivate from a ruleset to significantly reduce the false alarm rate for a target operational environment. We tested our approach using Snort’s ruleset in our real-life trace, increasing the precision from 0.015 to 1 in less than 16 h of work.


2020 ◽  
Vol 14 (3) ◽  
pp. 115-133
Author(s):  
J. Rene Beulah ◽  
D. Shalini Punithavathani

Intrusion detection systems (IDS) play a vital role in protecting information systems from intruders. Anomaly-based IDS has established its effectiveness in identifying new and unseen attacks. It learns the normal usage pattern of a network and any event that significantly deviates from the normal behavior is signaled as an intrusion. The crucial challenge in anomaly-based IDS is to reduce false alarm rate. In this article, a clustering-based outlier detection (CBOD) approach is proposed for classifying normal and intrusive patterns. The proposed scheme operates in three modules: an improved hybrid feature selection phase that extracts the most relevant features, a training phase that learns the normal pattern in the training data by forming clusters, and a testing phase that identifies outliers in the testing data. The proposed method is applied for NSL-KDD benchmark dataset and the experimental results yielded a 97.84% detection rate (DR), a 1.88% false alarm rate (FAR), and a 97.96% classification accuracy (ACC). This proposal appears to be promising in terms of DR, FAR and ACC.


2018 ◽  
Vol 11 (3) ◽  
pp. 67 ◽  
Author(s):  
D. Sudaroli Vijayakumar ◽  
S. Ganapathy

Wireless networks facilitate the ease of communication for sharing crucial information. Recently, most small and large-scale companies, educational institutions, government organizations, medical sectors, military and banking sectors are using wireless networks. Security threats are a common term found in both wired and wireless networks. However, they hold a lot of importance in wireless networks because of their susceptible nature to threats. Security concerns in WLAN are studied and many organizations concluded that Wireless Intrusion Detection Systems (WIDS) are an essential element in network security infrastructure to monitor wireless activity for signs of attacks. However, it is an indisputable fact that the art of detecting attacks remains in its infancy. WIDS generally collect the activities within the protected network and analyze them to detect intrusions and generate an intrusion alarm. Irrespective of the different types of Intrusion Detection Systems, the major problems arising with WIDS are their inability to handle large volumes of alarms and being more prone to false alarm attacks. Reducing the false alarms can improve the overall efficiency of the WIDS. Many techniques have been proposed in the literature to reduce the false alarm rates. However, most of the existing techniques have failed to provide desirable result and the high complexity to achieve high detection rate with less false alarm rates. This is the right time to propose a new technique for providing high detection accuracy with less false alarm rate. This paper made an extensive survey about the role of machine learning techniques to reduce the false alarm rate in WLAN IEEE 802.11. This survey proved that substantial improvement has been achieved by reducing false alarm rate through machine learning algorithms. In addition to that, advancements specific to machine learning approaches are studied meticulously and a filtration technique is proposed.


TAPPI Journal ◽  
2014 ◽  
Vol 13 (1) ◽  
pp. 33-41
Author(s):  
YVON THARRAULT ◽  
MOULOUD AMAZOUZ

Recovery boilers play a key role in chemical pulp mills. Early detection of defects, such as water leaks, in a recovery boiler is critical to the prevention of explosions, which can occur when water reaches the molten smelt bed of the boiler. Early detection is difficult to achieve because of the complexity and the multitude of recovery boiler operating parameters. Multiple faults can occur in multiple components of the boiler simultaneously, and an efficient and robust fault isolation method is needed. In this paper, we present a new fault detection and isolation scheme for multiple faults. The proposed approach is based on principal component analysis (PCA), a popular fault detection technique. For fault detection, the Mahalanobis distance with an exponentially weighted moving average filter to reduce the false alarm rate is used. This filter is used to adapt the sensitivity of the fault detection scheme versus false alarm rate. For fault isolation, the reconstruction-based contribution is used. To avoid a combinatorial excess of faulty scenarios related to multiple faults, an iterative approach is used. This new method was validated using real data from a pulp and paper mill in Canada. The results demonstrate that the proposed method can effectively detect sensor faults and water leakage.


Author(s):  
Sherif S. Ishak ◽  
Haitham M. Al-Deek

Pattern recognition techniques such as artificial neural networks continue to offer potential solutions to many of the existing problems associated with freeway incident-detection algorithms. This study focuses on the application of Fuzzy ART neural networks to incident detection on freeways. Unlike back-propagation models, Fuzzy ART is capable of fast, stable learning of recognition categories. It is an incremental approach that has the potential for on-line implementation. Fuzzy ART is trained with traffic patterns that are represented by 30-s loop-detector data of occupancy, speed, or a combination of both. Traffic patterns observed at the incident time and location are mapped to a group of categories. Each incident category maps incidents with similar traffic pattern characteristics, which are affected by the type and severity of the incident and the prevailing traffic conditions. Detection rate and false alarm rate are used to measure the performance of the Fuzzy ART algorithm. To reduce the false alarm rate that results from occasional misclassification of traffic patterns, a persistence time period of 3 min was arbitrarily selected. The algorithm performance improves when the temporal size of traffic patterns increases from one to two 30-s periods for all traffic parameters. An interesting finding is that the speed patterns produced better results than did the occupancy patterns. However, when combined, occupancy–speed patterns produced the best results. When compared with California algorithms 7 and 8, the Fuzzy ART model produced better performance.

