Adaptive Deep Clustering And Outlier Aware Framework For Reducing False Alerts In Web-Based Intrusion Detection Systems
DOI: https://doi.org/10.64252/gzhdpn56
Keywords: Intrusion Detection, Deep Clustering, False Positive Reduction, Outlier Detection, Web Security, Unsupervised Learning, Rule-Based Inference
Abstract
Intrusion Detection Systems (IDS) are in high demand in an age in which online services define the capabilities of enterprises. Current models usually break down in dynamic settings, with elevated rates of both false positives and false negatives, especially when attack patterns are irregular or involve zero-day attacks. In response to these limitations, this paper proposes an adaptive hybrid IDS framework that combines unsupervised deep learning with statistics-based outlier detection. Specifically, it integrates three new modules: a Deep Contextual Clustering Algorithm (DCCA), a Central Tendency Outlier Detection Algorithm (CTODA) and a Rule-Based Semantic Expansion Engine (RSEE). Together they form a layered detection technique that balances behavioral learning, statistical accuracy and the interpretability of rules. The model was evaluated on the NSL-KDD and KDD Cup 99 datasets; it reduced false alerts by a wide margin and achieved an overall detection accuracy of 94%. Unlike rigid signature-based systems, the framework adjusts dynamically to emerging threats, which makes it well suited to present-day cloud and web systems. The experimental outcomes confirm that the model generalizes across attack types, reduces analyst fatigue and provides extended threat intelligence in real time.