DocumentCode
3270069
Title
Intrusion Detection Engine Based on Dempster-Shafer´s Theory of Evidence
Author
Hu, Wei ; Li, Jianhua ; Gao, Qiang
Author_Institution
Dept. of Electron. Eng., Shanghai Jiao Tong Univ.
Volume
3
fYear
2006
fDate
25-28 June 2006
Firstpage
1627
Lastpage
1631
Abstract
In the decision making process, the uncertainty existing in the network often leads to the failure of intrusion detection or low detection rate. The Dempster-Shafer´s theory of evidence in data fusion has solved the problem of how to analyze the uncertainty in a quantitative way. In the evaluation, the ingoing and outgoing traffic ratio and service rate are selected as the detection metrics, and the prior knowledge in the DDoS domain is proposed to assign probability to evidence. Furthermore, the combination rule is used to combine the data collected by two sensors. The curves of belief mass function varied with time are also shown in the paper. Finally, the analysis of experimental results proves the ID detection engine efficient and applicable. The conclusions provide us with the academic foundation for our future implementation
Keywords
computer network management; decision making; inference mechanisms; security of data; sensor fusion; uncertainty handling; Dempster-Shafer theory of evidence; belief mass function curves; combination rule; data collection; data fusion; decision making process; distributed-denial-of-service; intrusion detection engine; network uncertainty; service rate; traffic ratio; Bayesian methods; Data security; Engines; Intrusion detection; Knowledge management; Protocols; Telecommunication traffic; Traffic control; Training data; Uncertainty;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, Circuits and Systems Proceedings, 2006 International Conference on
Conference_Location
Guilin
Print_ISBN
0-7803-9584-0
Electronic_ISBN
0-7803-9585-9
Type
conf
DOI
10.1109/ICCCAS.2006.284985
Filename
4064211
Link To Document