• DocumentCode
    1563122
  • Title

    Distributed intrusion detection system based on data fusion method

  • Author

    Wang, Yong ; Yang, Huihua ; Wang, Xingyu ; Zhang, Ruixia

  • Author_Institution
    East China Univ. of Sci. & Technol., Shanghai, China
  • Volume
    5
  • fYear
    2004
  • Firstpage
    4331
  • Abstract
    An intrusion detection system (IDS) plays a critical role in information security because it provides the last line of protection for protected hosts or networks when intruders elude the first line. In this paper, we present a novel distributed intrusion detection system, which uses the Dempster-Shafer's theory of evidence to fuse local information. Our approach is composed of 2 layers: the lower layer consists of both host- and network-based sensors, which are specifically designed to collect local features and make local decisions to differentiate easy-to-detect attacks; the upper layer is a fusion control center, which makes global decisions on locally uncertain events by adopting Dempster's combination rule. Our approach gains the advantages of both host- and network-based intrusion methods, and can practice both rule-based and anomaly detection. A simulation is carried out, and the result shows that the multi-sensor data fusion model performs much better than a single sensor.
  • Keywords
    distributed processing; inference mechanisms; knowledge based systems; security of data; sensor fusion; uncertainty handling; Dempster-Shafer theory; anomaly detection; combination rule; distributed intrusion detection system; fusion control; information fusion; information security; multisensor data fusion model; rule based detection; Computational modeling; Computer networks; Computer security; Data security; Fuses; Information security; Intrusion detection; Protection; Sensor fusion; Sensor phenomena and characterization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on
  • Print_ISBN
    0-7803-8273-0
  • Type

    conf

  • DOI
    10.1109/WCICA.2004.1342330
  • Filename
    1342330