计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (18): 113-114.

• 网络、通信、安全 • 上一篇    下一篇

基于D-S证据理论的入侵检测模型

龚琼瑶1,丁 宏1,孔 霆2   

  1. 1.杭州电子科技大学 计算机学院,杭州 310018
    2.浙江警察学院 实验中心,杭州 310053
  • 收稿日期:2007-09-20 修回日期:2007-11-30 出版日期:2008-06-21 发布日期:2008-06-21
  • 通讯作者: 龚琼瑶

Intrusion detection model based on D-S evidence theory

GONG Qiong-yao1,DING Hong1,KONG Ting2   

  1. 1.School of Computer,Hangzhou Dianzi University,Hangzhou 310018,China
    2.Zhejiang Police College,Hangzhou 310053,China
  • Received:2007-09-20 Revised:2007-11-30 Online:2008-06-21 Published:2008-06-21
  • Contact: GONG Qiong-yao

摘要: 将数据融合理论引入到入侵检测过程,提出基于数据融合的入侵检测系统模型,并在系统模型的实现过程中应用了多Agent技术,使整个模型具有良好的扩展性。在聚类、合并、关联的数据融合过程中应用了D-S证据理论,在一定程度上解决当前入侵检测系统中存在的告警洪流、误报率高、告警之间的关联性差等问题,提高了分布式入侵检测系统的检测性能。

Abstract: This article introduces the data fusion theory into the intrusion detection process,proposes an intrusion detection system model based on the data fusion,and has applied the multi- Agent technology in the system model realization process,enable the entire model having the good extension.In the data fusion process of clustering,merging and associating this article applies the D-S evidence theory,solves the problems of warning onrush,high false reporting rate,inferior question between the warning association which existed in the current intrusion detection system,enhances the detection performance of the distributing intrusion detection system.