A Clustering Data Fusion Method for Intrusion Detection System

The increasing advance in technological systems has several impacts that affect the security of information systems. The result of such progress leads to an exponential growth in the ability to generate and access to the information. Therefore, there is a need to have both appropriate and specific data. To achieve this goal, data fusion approaches are applied to analyze large scale of heterogeneous data in complex systems. The existing data fusion systems rely generally on human experts but they lack of training dataset for the fusion techniques. Thus, useful autonomous approach should be applied to fuse data automatically and accurately. In this paper, a decision fusion approach based on clustering technique is proposed. This technique enables the generation of composite attack scenarios by selecting events generated by analyzers while considering their efficiency to detect attacks using defined efficiency criteria. The general system architecture is presented to allocate the data fusion component within the network. Then, the core functioning and the characteristics of the data fusion component are presented.