Research On The Application Of Data Fusion Technology In Intrusion Detection

Posted on: 2007-09-26  Degree: Master  Type: Thesis
Country: China  Candidate: W D Zhao  Full Text: PDF
GTID: 2178360182485560  Subject: Computer application technology
Abstract/Summary:
Computer networking is one of the fastest-growing technologies today, and it has made daily life more convenient. Using shared network resources also carries risk, so network security problems have drawn growing attention and become a key area of research in network technology. The Intrusion Detection System (IDS) is a new-generation security technology that followed traditional technologies such as firewalls and data encryption. Current IDS products can be divided into two major categories: network-based IDS and host-based IDS.

Traditional IDSs have several problems in practical use: for example, their false positive and false negative rates are high, and they produce many repeated alerts. Even so, it is difficult to reconstruct the complete course and scenario of an intrusion from these alerts. Applying data fusion techniques to intrusion detection is the development trend for next-generation IDS. Based on multi-sensor data fusion technology, a new fusion model, IDSDFM (IDS Data Fusion Model), is presented in this paper. The model merges alerts produced by network-based IDS, host-based IDS and other security products such as firewalls, and generates measures of the security situation, which constitute the evidence. The current security situation of the network is evaluated by applying D-S evidence theory, and the various IDSs in the network are adjusted dynamically to strengthen detection of data related to the attack attempt. As a result, the detection efficiency of the IDS is improved, and false positives and false negatives are effectively reduced.
Keywords/Search Tags: Network Security, Intrusion Detection, Alert Correlation, Data Fusion, D-S Evidence Theory
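Dempster's rule of combination, the core operation of the D-S evidence theory that the abstract applies to fused alerts, shown as an added example that is not taken from the thesis. The three-state frame, the source names and every mass value are constructed assumptions, and the code is not the IDSDFM model itself.

```python
from functools import reduce
from itertools import product

# Assumed frame of discernment: the states the network may be in.
FRAME = frozenset({"normal", "probe", "dos"})
ATTACK = frozenset({"probe", "dos"})
DOS = frozenset({"dos"})

# Constructed evidence: the mass each source assigns to sets of states.
# Mass left on FRAME is that source's uncommitted belief (ignorance).
NIDS = {DOS: 0.6, ATTACK: 0.2, FRAME: 0.2}
HIDS = {DOS: 0.5, frozenset({"normal"}): 0.2, FRAME: 0.3}
FIREWALL = {ATTACK: 0.7, FRAME: 0.3}

def combine(m1, m2):
    """Dempster's rule for two mass functions; returns (fused, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # the two sources contradict each other
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    # Renormalise so the non-conflicting mass sums to 1 again.
    return {h: w / (1.0 - conflict) for h, w in fused.items()}, conflict

def fuse(masses):
    """Fold any number of sources together (the rule is associative)."""
    return reduce(lambda acc, m: combine(acc, m)[0], masses)

def belief(m, hyp):
    """Lower bound: mass committed to subsets of hyp."""
    return sum(w for h, w in m.items() if h <= hyp)

def plausibility(m, hyp):
    """Upper bound: mass not contradicting hyp."""
    return sum(w for h, w in m.items() if h & hyp)

if __name__ == "__main__":
    fused = fuse([NIDS, HIDS, FIREWALL])
    for name, hyp in (("dos", DOS), ("any attack", ATTACK)):
        print(f"{name}: Bel={belief(fused, hyp):.3f} "
              f"Pl={plausibility(fused, hyp):.3f}")
```

The gap between belief and plausibility is the uncertainty that remains after fusion. A high conflict value returned by `combine` signals that the sources disagree and that the normalised result should be treated with care.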