An IDS works in one of two ways: misuse detection and anomaly detection. Misuse detection flags an intrusion on the basis of an intrusion signature; this kind of detection technique is much easier to realize and much more accurate, but it cannot find intrusions that have been disguised or new kinds of intrusion. Anomaly detection covers a much wider field: it compares new statistical data with the average record, and whatever deviates from that average is reported as an anomaly record. The difficulty is setting the threshold. If the threshold is too large, some intrusions will be let through; if it is too small, the IDS will raise more false-positive alarms; and the threshold differs for different people and different periods. So the IDS simply shows us its suspicious records, and the administrator or expert is responsible for analyzing those records and drawing a conclusion. Because the IDS gives more alarms than it should, it leaves us with many detection records to analyze, and this is hard work: we cannot tell whether a single record is an intrusion or not, but we can judge by finding the relation among a mass of detection evidence. In this article, we try to identify an intrusion using D-S theory (Dempster-Shafer theory of evidence) instead of manual work, so that the IDS becomes more helpful and efficient.
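The combination step the abstract relies on, as an added example that is not part of the paper and not its authors' code: Dempster's rule of combination is applied to three constructed detection records over the frame {intrusion, normal}. Each record is turned into a mass function whose values are assumptions about how reliable that detector is (a partial signature match, two mild anomaly-detector deviations); no single record clears the decision threshold, but the combined belief does, which is the "relation among a mass of detection evidence" the text describes. The record texts, mass values and the 0.7 threshold are all constructed for the example.

```python
"""Dempster-Shafer (D-S) fusion of IDS detection records.

Added example; the records, reliabilities and threshold below are constructed.
"""
from functools import reduce
from itertools import product

# Frame of discernment: the monitored host is either under intrusion or normal.
INTRUSION = frozenset({"intrusion"})
NORMAL = frozenset({"normal"})
THETA = INTRUSION | NORMAL  # the whole frame: "either", i.e. ignorance


def combine(m1, m2):
    """Dempster's rule of combination for two mass functions.

    m12(A) = sum(m1(B) * m2(C) for B & C == A) / (1 - K), where K is the
    total mass of conflicting pairs (B & C empty).  Returns (m12, K).
    """
    combined = {}
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        weight = mb * mc
        focal = b & c
        if not focal:
            conflict += weight          # contradictory evidence, discarded
        else:
            combined[focal] = combined.get(focal, 0.0) + weight
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the sources fully contradict each other")
    return {a: v / (1.0 - conflict) for a, v in combined.items()}, conflict


def combine_all(masses):
    """Fold Dempster's rule over any number of mass functions (it is associative)."""
    return reduce(lambda acc, m: combine(acc, m)[0], masses)


def belief(m, hypothesis):
    """Bel(H): mass committed to subsets of H (evidence that definitely supports H)."""
    return sum(v for a, v in m.items() if a <= hypothesis)


def plausibility(m, hypothesis):
    """Pl(H): mass not contradicting H (the most H could be true)."""
    return sum(v for a, v in m.items() if a & hypothesis)


# Constructed detection records.  Each mass function is an assumption about the
# detector's reliability: mass on THETA is the part the detector cannot decide.
RECORDS = [
    ("misuse: partial match on a known exploit signature",
     {INTRUSION: 0.6, THETA: 0.4}),
    ("anomaly: failed-login rate 2x above the daily baseline",
     {INTRUSION: 0.5, NORMAL: 0.2, THETA: 0.3}),
    ("anomaly: outbound bytes slightly above the hourly baseline",
     {INTRUSION: 0.3, NORMAL: 0.3, THETA: 0.4}),
]


def assess(records, threshold=0.7):
    """Fuse the records and decide; returns (Bel, Pl, flagged) for INTRUSION."""
    fused = combine_all([mass for _, mass in records])
    bel = belief(fused, INTRUSION)
    pl = plausibility(fused, INTRUSION)
    return bel, pl, bel >= threshold


if __name__ == "__main__":
    # Each record on its own stays below the threshold (0.6, 0.5, 0.3) ...
    for text, mass in RECORDS:
        print(f"{belief(mass, INTRUSION):.3f}  {text}")
    # ... but the combined belief rises above it.
    bel, pl, flagged = assess(RECORDS)
    print(f"combined: Bel={bel:.3f} Pl={pl:.3f} flagged={flagged}")
```

The belief/plausibility pair is what makes this more useful than a single threshold on one record: the gap between them is the mass still sitting on the whole frame, so an analyst can see how much of the verdict rests on ignorance rather than on evidence. Conflict K is returned by `combine` for the same reason; a large K means two detectors disagree and the normalized result should be trusted less.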