Performance enhancement of Intrusion Detection Systems using advances in sensor fusion

Various intrusion detection systems reported in literature have shown distinct preferences for detecting a certain class of attacks with improved accuracy, while performing moderately on the other classes. With the advances in sensor fusion, it has become possible to obtain a more reliable and accurate decision for a wider class of attacks, by combining the decisions of multiple intrusion detection systems. In this paper, an architecture using data-dependent decision fusion is proposed. The method gathers an in-depth understanding about the input traffic and also the behavior of the individual intrusion detection systems by means of a neural network supervised learner unit. This information is used to fine-tune the fusion unit, since the fusion depends on the input feature vector. For illustrative purposes, three intrusion detection systems namely PHAD, ALAD, and Snort have been considered using the DARPA 1999 dataset in order to validate the proposed architecture. The overall performance of the proposed sensor fusion system shows considerable improvement with respect to the performance of individual intrusion detection systems.