Fuzzy model tuning for Intrusion Detection Systems

Intrusion Detection System (IDS) detects ongoing intrusive activities in information systems. However, an IDS usually suffers high false alarm especially in a dynamically changing environment, which forces continuous tuning on its detection model to maintain sufficient performance. Currently, the manually tuning work greatly depends on the user to work out and integrate the tuning solution. We have developed an automatically tuning intrusion detection system (ATIDS). The experimental results show that when tuning is not delayed too long, the system can achieve about 20% improvement compared with the system without model tuner. But the user can only control whether the tuning should be performed by sending/blocking feedbacks. To give the user more powerful but intuitive control on the tuning, we develop a fuzzy model tuner, through which the user can tune the model fuzzily but yield much appropriate tuning. The results show the system can achieve about 23% improvement.