Modified evidence theory for performance enhancement of Intrusion Detection Systems

Author

Thomas, Ciza ; Balakrishnan, N.

Author_Institution

SERC, Indian Inst. of Sci., Bangalore

fYear

2008

fDate

June 30 2008-July 3 2008

Firstpage

1

Lastpage

8

Abstract

Sensor fusion using heterogeneous intrusion detection systems are employed to aggregate different views of the same event in order to improve the detection through detector reinforcement or complementarity. The fusion technique proposed in this paper is expected to combine the intrusion detection system outputs with subjective judgements. In this paper, a new evidence model which is an extension and improvement of the classical Dempster-Shafer theory is proposed. The feasibility of this method is demonstrated via an analysis case study with several simulated detectors using the replayed DARPA data set. The experimental results are validated and a discussion on why and how the new model is useful is provided. The result shows an improvement in the probability of detection along with a reduction in the false alarm rate with the proposed fusion algorithm.

Keywords

inference mechanisms; security of data; sensor fusion; DARPA data set; Dempster-Shafer theory; evidence theory; fusion algorithm; intrusion detection systems; performance enhancement; subjective judgements; Dempster-Shafer (DS) method; Intrusion Detection Systems(IDS); Sensor Fusion; belief; conjunctive operator; context-dependent operator; dipolarity; disjunctive operator; idempotence; ignorance; plausibility; quasi-associativity; uncertainty;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Fusion, 2008 11th International Conference on

Conference_Location

Cologne

Print_ISBN

978-3-8007-3092-6

Electronic_ISBN

978-3-00-024883-2

Type

conf

Filename

4632423