A Framework for Improving Intrusion Detection Systems by Combining Artificial Intelligence and Situational Awareness

Abstract

The vast majority of companies do not have the requisite tools and analysis to make use of the data obtained from security incidents in order to protect themselves from attacks and lower their risk. Intrusion Detection Systems (IDS) are deployed by numerous businesses to lessen the impact of network attacks. This is mostly attributable to the fact that these systems are able to provide a situational picture of network traffic regardless of the method or technology that is used to generate alerts. In this paper, a framework is proposed for improving the performance of contemporary IDSs by incorporating Artificial Intelligence (AI) into multiple layers, presenting the appropriate abstraction and accumulation of information, and generating valuable logs and metrics for security analysts to use in order to make the most informed decisions possible. This is further enabled by including Situational Awareness (SA) at the fundamental levels of the framework. Keywords: Intrusion Detection System, Machine Learning, Deep Learning, Shallow Learning, Security Operation Center, Situational Awarenes