Abstract
We propose an intrusion detection alert classifier based on a discriminative machine learning approach that satisfies the constraints of high-speed networks. We mainly address the huge number of alerts and the high rate of false positives produced in such environments. The classifier is based on online-adaptive support vector machine schemes. We demonstrate the utility of the developed method through extensive simulations and experiments against three data sets. Our intrusion alert classifier is crucial for forensic experts' alert analysis and for understanding security threats. It assists in taking the appropriate defensive and investigative actions and therefore enhances the forensic readiness process. Copyright (C) 2015 John Wiley & Sons, Ltd.