An Integrated Decision System for Intrusion Detection

As the rapid growth of network attacking tools, patterns of network intrusion events change gradually. Although many researches have been proposed to analyze attackers´ behaviors to improve the detection rate, they still suffer in high false rate in intrusion detection. Therefore, an effective intrusion detection system (IDS) deployment requires carefully planning, preparation, prototyping, testing, and specialized training. So an integrated decision system that consists of three phases was proposed in this paper: Data Preprocessing Phase, Fusion Decision Phase and Data Callback Phase. In Data Preprocessing Phase, two data reduction strategies for IDS are performed efficiently. In Fusion Decision Phase, a dynamic decision and an ensemble technology is designed and performed. In Data Callback Phase, the testing data updated through adding the undetermined data. Our experiment demonstrates that, although the false rate of integrated decision system is not the best of the four approaches discussed, the false rate is so low, its positive rate is the best one of these four, and its training time and decision time is so short that our approach is feasible for online.