Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (22): 154-157.

• Networks, Communications and Security •

Intrusion detection based on fuzzy D-S evidence theory

ZHANG Qiu-yu,ZHANG Qi-kun,WANG Rui-fang   

  1. School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China

  • Online: 2007-08-01 Published: 2007-08-01
  • Contact: ZHANG Qiu-yu

Chinese title: Intrusion detection based on fuzzy D-S evidence theory (基于模糊D-S证据论的入侵检测)

ZHANG Qiu-yu (张秋余), ZHANG Qi-kun (张启坤), WANG Rui-fang (王锐芳)

  1. School of Computer and Communication, Lanzhou University of Technology (兰州理工大学), Lanzhou 730050
  • Corresponding author: ZHANG Qiu-yu

Abstract: Starting from the working principles of the operating system, the behavioral characteristics of programs executing on a computer are analysed rigorously for signs of intrusion. A Markov model is used to build state knowledge sources of appropriate granularity for the states a computer passes through while being intruded, and fuzzy Dempster-Shafer (D-S) evidence theory is used to fuse these state knowledge sources into a combined judgement. Multi-source data fusion in intrusion detection frequently involves hypotheses that are not mutually exclusive and data whose operations are uncertain; fusing the sources this way lowers the false-positive and false-negative rates such data would otherwise cause. Experimental analysis shows that the method improves both the completeness and the accuracy of intrusion detection.

Key words: intrusion detection, Markov model, D-S evidence theory, data fusion

Abstract (Chinese version, translated): Based on the working principles of the operating system, the behavioral characteristics of programs executing on the computer are analysed rigorously for intrusion. A Markov model is used to build state knowledge sources of appropriate granularity for the states a computer enters when it is intruded, and a fuzzy D-S evidence-theory method is used to fuse the established state knowledge sources into a combined judgement. This addresses the false-positive and false-negative rates caused by the non-exclusive hypotheses and operationally uncertain data that multi-source data fusion in intrusion detection frequently involves. Experimental analysis shows that the method effectively reduces the false-positive and false-negative rates and improves the completeness and accuracy of intrusion detection.

Key words (Chinese version, translated): intrusion detection, Markov model, D-S evidence theory, data fusion
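The fusion step both abstracts describe, as an added worked example that is not the paper's code: two first-order Markov models over constructed event streams (system calls of a process, and TCP control events of a connection) each act as a state knowledge source that emits a mass function over the frame of discernment {normal, intrusion}, and Dempster's rule of combination fuses them. The paper's fuzzy variant of D-S is not described on this page, so the classic rule is used. The mapping from a Markov anomaly score to a mass function, the discount that caps a single source's confidence at 0.9, the pseudocount, the `rare` threshold, the `window` length and every training and test trace are assumptions made for the illustration.

```python
"""Markov-model evidence sources fused with Dempster-Shafer combination.

Added illustration, not the paper's code.  Classic Dempster's rule is used because the
paper's fuzzy variant is not described on the page; the score-to-mass mapping, the 0.9
confidence cap, the pseudocount, `rare`, `window` and all traces are assumptions.
"""
from collections import defaultdict
from functools import reduce
from itertools import product

# Frame of discernment Theta = {normal, intrusion}.  Mass placed on THETA itself is the
# "don't know" share; it is what stops a weak source from overstating its evidence.
NORMAL = frozenset({"normal"})
INTRUSION = frozenset({"intrusion"})
THETA = NORMAL | INTRUSION


def conflict_mass(m1, m2):
    """K: total mass the two sources put on mutually exclusive hypotheses."""
    return sum(w1 * w2 for (a, w1), (b, w2) in product(m1.items(), m2.items()) if not (a & b))


def combine(m1, m2):
    """Dempster's rule: m(A) = sum over B&C == A of m1(B)*m2(C), divided by (1 - K)."""
    k = conflict_mass(m1, m2)
    if k >= 1.0 - 1e-12:
        raise ValueError("total conflict between sources: Dempster's rule is undefined")
    fused = defaultdict(float)
    for (a, w1), (b, w2) in product(m1.items(), m2.items()):
        if a & b:
            fused[a & b] += w1 * w2 / (1.0 - k)
    return dict(fused)


def combine_all(masses):
    return reduce(combine, masses)


def belief(m, hyp):
    """Bel(hyp): mass on subsets of hyp, i.e. what the evidence definitely supports."""
    return sum(w for a, w in m.items() if a <= hyp)


def plausibility(m, hyp):
    """Pl(hyp): mass that does not contradict hyp (Bel plus the undecided share)."""
    return sum(w for a, w in m.items() if a & hyp)


class MarkovSource:
    """First-order Markov model of one event stream, trained on normal traces only.

    anomaly() is the fraction of observed transitions whose probability under the normal
    model is below `rare`.  mass() discounts that score by how much of the trace was seen:
    the shorter the trace, the more mass stays on THETA.  (Assumed mapping, not the paper's.)
    """

    def __init__(self, alphabet, pseudocount=0.1, rare=0.05, window=5):
        self.rare = rare
        self.window = window
        # Additive smoothing: never-seen transitions become rare rather than impossible.
        self.counts = {a: {b: pseudocount for b in alphabet} for a in alphabet}

    def train(self, sequences):
        for seq in sequences:
            for a, b in zip(seq, seq[1:]):
                self.counts[a][b] += 1

    def transition_prob(self, a, b):
        row = self.counts[a]
        return row[b] / sum(row.values())

    def anomaly(self, seq):
        steps = list(zip(seq, seq[1:]))
        if not steps:
            return 0.0
        return sum(self.transition_prob(a, b) < self.rare for a, b in steps) / len(steps)

    def mass(self, seq):
        steps = max(len(seq) - 1, 0)
        if steps == 0:
            return {THETA: 1.0}  # vacuous mass: no evidence either way
        confidence = min(0.9, steps / self.window)  # cap always leaves some mass on THETA
        score = self.anomaly(seq)
        return {INTRUSION: score * confidence,
                NORMAL: (1.0 - score) * confidence,
                THETA: 1.0 - confidence}


# Constructed training data: what "normal" looks like on each stream.
NORMAL_SYSCALLS = [["open", "read", "read", "close"], ["open", "read", "write", "close"],
                   ["open", "write", "close"], ["open", "read", "close"]]
NORMAL_NET = [["syn", "ack", "data", "data", "fin"], ["syn", "ack", "data", "fin"],
              ["syn", "ack", "fin"]]


def build_sources():
    syscalls = MarkovSource(["open", "read", "write", "close", "exec"])
    syscalls.train(NORMAL_SYSCALLS)
    net = MarkovSource(["syn", "ack", "data", "fin", "rst"])
    net.train(NORMAL_NET)
    return syscalls, net


def assess(syscall_trace, net_trace, threshold=0.5):
    """Fuse both sources; flag an intrusion when Bel(intrusion) exceeds the threshold."""
    syscalls, net = build_sources()
    fused = combine_all([syscalls.mass(syscall_trace), net.mass(net_trace)])
    return fused, belief(fused, INTRUSION) > threshold


if __name__ == "__main__":
    print(assess(["open", "exec", "write", "exec"], ["syn", "rst", "syn", "rst"]))
    print(assess(["open", "read", "read", "close"], ["syn", "ack", "data", "fin"]))
```

On the suspicious pair of traces each source alone yields m(intrusion) = 0.4, below the 0.5 decision threshold, while the fused mass reaches 4/7 ≈ 0.57 and the intrusion is flagged; that is the kind of missed detection multi-source fusion is meant to recover. A trace with no transitions yields the vacuous mass {THETA: 1.0}, which is the identity under combination, so an empty stream neither helps nor hurts. Total conflict (K = 1) raises rather than silently producing a result, since Dempster's rule is undefined there and highly conflicting sources are exactly the case where the normalisation by 1 - K is known to mislead.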