Abstract

Intrusion detection has become a challenging task with the rapid growth in the number of computer users, and present-day technology requires an efficient method for detecting intrusions in a computer network. An intrusion detection system (IDS) is a classifier that collects evidence for the presence of an intrusion and raises an alarm for any abnormality it finds. However, the use of an IDS encounters two major drawbacks, a high false alarm rate and a low detection rate, which limit its detection performance. A promising approach to improving performance is the use of multiple sensors or intrusion detection systems. Evidence theory (Dempster–Shafer theory) is a mathematical theory of evidence used to fuse evidence from multiple sources and output a global decision. This paper discusses the limitations and issues of evidence theory and proposes a modified framework for fusing the alarms of multiple intrusion detection systems.

Highlights

  • Technological advancement in computer network systems and their related infrastructure is the reason for the increased occurrence rate of computer intrusions.

  • The mere existence of conflict between the evidence provided by different intrusion detection systems indicates the presence of an unreliable IDS, which may cause the fusion result to be contrary to reality.

  • To overcome the limitations of the Dempster–Shafer rule, we propose a new fusion rule that modifies Shafer’s framework [11].


Summary

Introduction

Technological advancement in computer network systems and their related infrastructure is the reason for the increased occurrence rate of computer intrusions. This paper proposes a new fusion rule that incorporates the reliability of evidence and efficiently handles the information from diverse IDSs. The mere existence of conflict between the evidence provided by intrusion detection systems indicates the presence of an unreliable IDS, which may cause the fusion result to be contrary to reality. Another approach to finding reliability is to relate it to the true alert rate of the IDS. The reason behind the selection of detectors is that Snort and Suricata are signature-based intrusion detectors, while PHAD and NETAD are anomaly detectors; the two types are complementary to one another, which enhances the performance of the fused IDS. Attack types named in the paper include teardrop, pod, back, land, apache, udpstorm, mailbomb, processtable and Neptune.
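The conflict problem named above can be reproduced with the standard (unmodified) Dempster rule. The following is an added illustration, not code from the paper: it fuses the verdicts of a hypothetical signature IDS and a hypothetical anomaly IDS over the frame {dos, probe, normal}, shows how near-total conflict lets a hypothesis neither sensor believed win outright, and then applies Shafer's classical discounting with an assumed reliability factor (standing in for the true-alert-rate idea; the paper's own modified rule is not reproduced here).

```python
from itertools import product

# Frame of discernment: possible verdicts on one network event (assumed).
OMEGA = frozenset({"dos", "probe", "normal"})

def discount(m, alpha):
    """Shafer discounting: keep a fraction alpha of every focal mass and move
    the remainder to OMEGA (total ignorance). alpha=1.0 means fully reliable."""
    out = {f: alpha * v for f, v in m.items() if f != OMEGA}
    out[OMEGA] = (1.0 - alpha) + alpha * m.get(OMEGA, 0.0)
    return out

def combine(m1, m2):
    """Dempster's rule of combination. Returns (fused_mass, K), where K is the
    total mass assigned to conflicting pairs (empty intersections) before
    normalisation; a K close to 1 is the warning sign discussed in the text."""
    fused, K = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + ma * mb
        else:
            K += ma * mb
    if K >= 1.0:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {f: v / (1.0 - K) for f, v in fused.items()}, K

# Constructed sensor outputs: the signature IDS is sure it saw a DoS, the
# anomaly IDS is sure the traffic is normal; both give 'probe' only 0.1.
M_SIGNATURE = {frozenset({"dos"}): 0.9, frozenset({"probe"}): 0.1}
M_ANOMALY = {frozenset({"normal"}): 0.9, frozenset({"probe"}): 0.1}

def naive_fusion():
    """Plain Dempster fusion: K = 0.99 and 'probe' ends up with mass 1.0,
    a verdict neither sensor supported."""
    return combine(M_SIGNATURE, M_ANOMALY)

def discounted_fusion(alpha=0.6):
    """Discount the anomaly detector by an assumed reliability alpha first;
    the conflict drops and the signature IDS's 'dos' verdict dominates."""
    return combine(M_SIGNATURE, discount(M_ANOMALY, alpha))

if __name__ == "__main__":
    for label, (fused, K) in (("naive", naive_fusion()),
                              ("discounted", discounted_fusion())):
        print(f"{label}: conflict K={K:.3f}",
              {"/".join(sorted(f)): round(v, 3) for f, v in fused.items()})
```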

Table 4: KDD’99 features list
