Open Access
Hybridized Design For Feature Optimization and Reduction of Intrusion Detection Systems Alert in a Correlation Framework
Author(s) - Macarthy Osuo-Genseleke, Ojekudo Nathaniel
Publication year - 2020
Publication title - International Journal of Innovative Science and Research Technology
Language(s) - English
Resource type - Journals
ISSN - 2456-2165
DOI - 10.38124/ijisrt20jul783
Subject(s) - computer science, intrusion detection system, support vector machine, false positive paradox, data mining, feature (linguistics), reduction (mathematics), attack patterns, genetic algorithm, network security, categorization, machine learning, misuse detection, java, artificial intelligence, anomaly based intrusion detection system, computer security, operating system, linguistics, philosophy, geometry, mathematics
An Intrusion Detection System (IDS) produces a large number of alerts. Many large organizations deploy numerous IDSs in their networks, generating an even larger quantity of alerts, some of which are real (true) alerts while several others are false positives. These alerts cause very severe complications for the IDS and make it difficult for security administrators to ascertain effective attacks and to carry out curative measures. Categorizing such alerts based on their level of attack is necessary to ascertain the most severe alerts and to minimize the time required for response. An improved hybridized model was developed to assess and reduce IDS alerts using a combination of the Genetic Algorithm (GA) and the Support Vector Machine (SVM) algorithm in a correlation framework. The model is subsequently referred to as the GA-SVM Alert Correlation (GASAC) model in this study. Our model was established using the object-oriented analysis and design software methodology and implemented in the Java programming language. This study will benefit cooperating networked organizations, since only real alerts will be generated, so that security procedures can be quickly implemented to protect the system from both interior and exterior attacks.
