Research On Data Fusion Based Multi-Agent Intrusion Detection System

With the popularition of computer network, the information security becomes one of the worldwide toughest problems. The traditional security measures are facing severe challenge of large-scale distributed attacks, futher more, the diversification and intelligentize of hackers' attacks make it hard for single security measure to attain favourable detection result. Therefore, it becomes one of the hot spots in current research that how to combine multiplicate security measures to provide the network system more effective protection.The data fusion technology can fusion various of information to provide us more comprehensive and in-depth understand to the problem. So, there are many researches in this field, and the technology of fusion is applied to the geology, military affairs, medicine and other field. However, the fusion algorithms is so rigid for field requirement that it is hard to apply the algorithm that is used well in one domine to the others. More unfortunate, the research of data fusion in computer network security field seems to be awfully not enough.A data fusion based multi-agent intrusion detection system (DFBA) is proposed in this dissertation. Multiplicate detection measures are "fused" in this system, so that it has lower miss rate and false positive rate as well as better scalabilities and robust. According to the three-layer architecture of multi-sensor fusion, the detection is divided into three phases: the basic detection phase, information fusion phase and knowledge fusion phase. During the basic detection phase, multiplicate detection measures are applied to make the basic decision about all the system events; During the information fusion phase, an fusion algorithm is applied to "fuse" all the basic decision from the first phase; During the knowledge fusion phase, the "fused" decision is abstracted so that the security situation of the whole system is gained. Several algorithms are proposed in this dissertation, also, the validity and feasibility is proved by experiments.