Title :
Intrusion Detection Engine Based on Dempster-Shafer´s Theory of Evidence
Author :
Hu, Wei ; Li, Jianhua ; Gao, Qiang
Author_Institution :
Dept. of Electron. Eng., Shanghai Jiao Tong Univ.
Abstract :
In the decision making process, the uncertainty existing in the network often leads to the failure of intrusion detection or low detection rate. The Dempster-Shafer´s theory of evidence in data fusion has solved the problem of how to analyze the uncertainty in a quantitative way. In the evaluation, the ingoing and outgoing traffic ratio and service rate are selected as the detection metrics, and the prior knowledge in the DDoS domain is proposed to assign probability to evidence. Furthermore, the combination rule is used to combine the data collected by two sensors. The curves of belief mass function varied with time are also shown in the paper. Finally, the analysis of experimental results proves the ID detection engine efficient and applicable. The conclusions provide us with the academic foundation for our future implementation
Keywords :
computer network management; decision making; inference mechanisms; security of data; sensor fusion; uncertainty handling; Dempster-Shafer theory of evidence; belief mass function curves; combination rule; data collection; data fusion; decision making process; distributed-denial-of-service; intrusion detection engine; network uncertainty; service rate; traffic ratio; Bayesian methods; Data security; Engines; Intrusion detection; Knowledge management; Protocols; Telecommunication traffic; Traffic control; Training data; Uncertainty;
Conference_Titel :
Communications, Circuits and Systems Proceedings, 2006 International Conference on
Conference_Location :
Guilin
Print_ISBN :
0-7803-9584-0
Electronic_ISBN :
0-7803-9585-9
DOI :
10.1109/ICCCAS.2006.284985
