Title :
Distributed intrusion detection system based on data fusion method
Author :
Wang, Yong ; Yang, Huihua ; Wang, Xingyu ; Zhang, Ruixia
Author_Institution :
East China Univ. of Sci. & Technol., Shanghai, China
Abstract :
Intrusion detection system (IDS) plays a critical role in information security because it provides the last line protection for those protected hosts or networks when intruders elude the first line. In this paper, we present a novel distributed intrusion detection system, which uses the Dempster-Shafer´s theory of evidence to fuse local information. Our approach is composed of 2 layers: the lower layer consists of both host and network based sensors, which are specifically designed to collect local features and make local decisions to differentiate those easy-to-detect attacks; the upper layer is a fusion control center, it makes global decisions on those locally uncertain events by adopting Dempster´s combination rule. Our approach gains the advantages of both host and network based intrusion methods, and can practice both rule-based and anomaly detection. A simulation is carried out and result shows that the multi-sensor data fusion model performs much better than single sensor.
Keywords :
distributed processing; inference mechanisms; knowledge based systems; security of data; sensor fusion; uncertainty handling; Dempster-Shafer theory; anomaly detection; combination rule; distributed intrusion detection system; fusion control; information fusion; information security; multisensor data fusion model; rule based detection; Computational modeling; Computer networks; Computer security; Data security; Fuses; Information security; Intrusion detection; Protection; Sensor fusion; Sensor phenomena and characterization;
Conference_Titel :
Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on
Print_ISBN :
0-7803-8273-0
DOI :
10.1109/WCICA.2004.1342330
