
Application And Research Of Data Fusion In Intrusion Detection System

Posted on: 2010-08-24
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Guo
Full Text: PDF
GTID: 2178330338476303
Subject: Computer application technology
Abstract/Summary:
As networks take on multiplexed, multi-service and multi-application characteristics, it is very difficult for a single detection method or detection system to detect complex attacks; integrating multiple detection methods or multiple detection systems can effectively improve detection accuracy. However, a variety of intrusion detection systems produce a large number of independent, raw alerts during detection. These alerts are massive and redundant, and some of them are false alerts, which makes it hard to identify real attacks. How to solve these problems has become one of the hot spots in the information security field.

Data fusion is a continuous process dealing with the association, correlation, and combination of information from multiple sources. This process is used to achieve refined condition estimation of machinery and to complete timely assessments of resulting consequences and their significance. To address the inadequacies of current intrusion detection systems, the paper applies data fusion technology to intrusion detection and designs a data fusion model that processes intrusion alerts in a modular way and analyzes them layer by layer. First, the model formats alerts by their properties and reduces repeated alerts, and the alerts are then sent to the central console. Then, the model performs global integration of the alerts using an algorithm based on attribute similarity; in determining the correlation between alerts, the paper applies the fuzzy comprehensive method. Finally, the model correlates these alerts using a correlation method based on analysis of attack intent and causal relationships. On the basis of the rule-based fuzzy cognitive map, this method can associate intrusion alerts with the security strategy and with the vulnerabilities and configuration of the computer system.

Finally, the model and the algorithms were tested in simulation experiments. The comparison of results shows that the model deals with alerts effectively, greatly reducing the number of alerts and the false alert rate. The correlation method used in this paper can find composite attacks successfully and judge their consequences at every stage.
Keywords/Search Tags: Intrusion Detection System, Network Security, Data Fusion, Fuzzy Comprehensive, Alert Correlation, Fuzzy Cognitive Map
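
The attribute-similarity fusion step described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the alert fields, attribute weights, similarity functions, threshold and time window are all assumptions, and the fuzzy comprehensive evaluation is reduced to its weighted-average form.

```python
import ipaddress

# Assumed weights, threshold and window; the abstract does not give the thesis's values.
WEIGHTS = {"src": 0.25, "dst": 0.25, "port": 0.15, "cls": 0.20, "time": 0.15}
THRESHOLD = 0.8   # minimum overall similarity for two alerts to be fused
WINDOW = 60.0     # seconds after which time similarity drops to 0

def ip_sim(a, b):
    """Fraction of leading bits that two IPv4 addresses share (1.0 if equal)."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return (32 - x.bit_length()) / 32

def similarity(a, b):
    """Weighted-average fuzzy evaluation over per-attribute similarities in [0, 1]."""
    s = {
        "src": ip_sim(a["src"], b["src"]),
        "dst": ip_sim(a["dst"], b["dst"]),
        "port": 1.0 if a["port"] == b["port"] else 0.0,
        "cls": 1.0 if a["cls"] == b["cls"] else 0.0,
        "time": max(0.0, 1 - abs(a["ts"] - b["ts"]) / WINDOW),
    }
    return sum(WEIGHTS[k] * s[k] for k in WEIGHTS)

def fuse(alerts):
    """Attach each alert to the first meta-alert whose latest member is similar enough."""
    metas = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        for m in metas:
            if similarity(m["members"][-1], alert) >= THRESHOLD:
                m["members"].append(alert)
                m["sensors"].add(alert["sensor"])
                break
        else:  # no existing meta-alert matched: start a new one
            metas.append({"members": [alert], "sensors": {alert["sensor"]}})
    return metas

# Constructed sample alerts from three hypothetical sensors.
ALERTS = [
    {"sensor": "nids-1", "src": "10.0.0.5", "dst": "192.168.1.10", "port": 80, "cls": "web-attack", "ts": 0.0},
    {"sensor": "nids-2", "src": "10.0.0.5", "dst": "192.168.1.10", "port": 80, "cls": "web-attack", "ts": 2.0},
    {"sensor": "hids-1", "src": "10.0.0.5", "dst": "192.168.1.10", "port": 80, "cls": "web-attack", "ts": 5.0},
    {"sensor": "nids-1", "src": "172.16.3.9", "dst": "192.168.1.20", "port": 22, "cls": "brute-force", "ts": 6.0},
]

if __name__ == "__main__":
    for m in fuse(ALERTS):
        print(len(m["members"]), sorted(m["sensors"]), m["members"][0]["cls"])
```

Three sensors reporting the same event collapse into one meta-alert, while the unrelated alert stays separate; the meta-alerts are what the later intent and causal correlation stage would consume.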