Question
Problem: Intrusion Detection Systems (IDS) are notorious for requiring extensive adjustment and tailoring for each specific network they are deployed on. Efforts are needed to reduce the large number of false positives that many signatures can generate. Analysts must spend a lot of time assessing alerts to determine whether or not they are true positives and, if so, whether or not they are also severe enough to warrant acting on those alerts. Signatures that generate too many false positives are often simply turned off to avoid the distractions and noise they generate. This leaves systems open to possible hidden attack vectors. Can we instead combine multiple weak, high-false-positive signatures to generate high-value, low-false-positive strong indicators? Can we incorporate other knowledge to further reduce false positives, and point analysts to the events they truly need to focus on? Can we do this at scale, without requiring analysts to manually define the correlations? This project involves the use of machine learning techniques to improve intrusion detection.
This is the problem. Write a literature review and include cited sources.