
Application And Research Of Data Fusion In Distributed Intrusion Detection

Posted on: 2009-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: L Su
Full Text: PDF
GTID: 2178360242491852
Subject: Computer application technology
Abstract/Summary:
With the extensive application of computer networks and information technology, the security of information and network systems is becoming exceedingly critical. Following the firewall, data encryption, VPN and other traditional security measures, intrusion detection is a new technology for protecting the safety and security of the network. As a technology that actively protects network security, it provides real-time detection of attacks and misuse from both the outside network and the intranet, and intercepts and responds to attacks before the system is harmed. But as the scale of networks continuously expands and network architecture becomes more complicated, intrusion detection based on a traditional single technology can no longer meet the needs of system security in the face of large-scale, distributed attacks. Current Intrusion Detection Systems (IDS) have several problems, for example a high false positive rate, too much redundant alert information, and an inability to detect complex multi-step attacks that take place at different times. How to solve these problems has therefore become one of the hot issues in the information security field.

Data fusion is a continuous process dealing with the association, correlation, and combination of information from multiple sources. This process is used to achieve refined condition estimation of machinery and to complete timely assessments of resulting consequences and their significance. Data fusion technology has been successfully applied to military affairs, geology, medicine and other fields, but in the intrusion detection field it is still in the phase of theoretical research.

The paper analyzes the present research status of intrusion detection systems and data fusion technology. In view of the inadequacy of current intrusion detection systems, the author applies data fusion technology to distributed intrusion detection, thoroughly studies several classic data fusion models, and puts forward an alert data fusion model suitable for distributed intrusion detection. The model adopts multi-level data processing, with responsibility for alert refinement, alert fusion, attack analysis, situation assessment, threat assessment and so on. It can also dynamically feed back to and adjust the various detection components in the network to strengthen detection of the data that relates to an attack attempt, thereby improving the efficiency of IDS detection, suppressing massive alert volumes and reducing false alerts. To meet the functional requirements of the alert fusion module, the paper also designs and implements an alert data fusion algorithm. Fuzzy Comprehensive Evaluation is applied in this algorithm to calculate the correlation degree between alerts, associating the alerts that belong to the same attack to form a chronological alert sequence that can provide an effective source of data for reconstructing the attack scene. Experiments show that the algorithm is effective in reducing redundant alerts and false alerts and in improving the detection accuracy rate. In conclusion, the author summarizes the research and presents the next phase of the research.
Keywords/Search Tags:Network Security, Distributed Intrusion Detection, Data Fusion, Alert Correlation, Fuzzy Comprehensive Evaluation
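One way the alert fusion step described in the abstract could be realised, as an added example that is not the thesis's own code. The factor set, weights, threshold, time window, weighted-average operator and sample alerts are all assumptions, since the abstract does not give them.

```python
from ipaddress import ip_address

# Assumed factor weights (sum to 1); the abstract lists neither factors nor weights.
WEIGHTS = {"src": 0.30, "dst": 0.30, "port": 0.10, "sig": 0.10, "time": 0.20}
THRESHOLD = 0.60   # assumed minimum correlation degree to join a sequence
WINDOW = 600.0     # assumed seconds after which the time membership reaches 0

def ip_sim(a, b):
    """Membership in 'same host': share of leading bits two IPv4 addresses share."""
    diff = int(ip_address(a)) ^ int(ip_address(b))
    return (32 - diff.bit_length()) / 32

def membership(x, y):
    """Single-factor evaluation vector R for an alert pair, each entry in [0, 1]."""
    return {
        "src": ip_sim(x["src"], y["src"]),
        "dst": ip_sim(x["dst"], y["dst"]),
        "port": 1.0 if x["port"] == y["port"] else 0.0,
        "sig": 1.0 if x["sig"] == y["sig"] else 0.0,
        "time": max(0.0, 1 - abs(x["ts"] - y["ts"]) / WINDOW),
    }

def correlation(x, y):
    """Weighted-average fuzzy operator: degree = sum(w_i * r_i)."""
    r = membership(x, y)
    return sum(WEIGHTS[k] * r[k] for k in WEIGHTS)

def fuse(alerts):
    """Attach each alert, in time order, to the best-correlated sequence or start one."""
    sequences = []
    for a in sorted(alerts, key=lambda a: a["ts"]):
        best = max(sequences, key=lambda s: correlation(s[-1], a), default=None)
        if best is not None and correlation(best[-1], a) >= THRESHOLD:
            best.append(a)
        else:
            sequences.append([a])
    return sequences

# Constructed sample alerts (documentation address ranges), as if merged from several sensors.
ALERTS = [
    {"ts": 0,   "src": "198.51.100.7", "dst": "192.0.2.10", "port": 22, "sig": "ssh-scan"},
    {"ts": 5,   "src": "198.51.100.7", "dst": "192.0.2.10", "port": 22, "sig": "ssh-scan"},
    {"ts": 90,  "src": "198.51.100.7", "dst": "192.0.2.10", "port": 22, "sig": "ssh-bruteforce"},
    {"ts": 100, "src": "203.0.113.50", "dst": "192.0.2.99", "port": 80, "sig": "http-probe"},
    {"ts": 300, "src": "198.51.100.7", "dst": "192.0.2.10", "port": 22, "sig": "ssh-login"},
]

if __name__ == "__main__":
    print([[a["ts"] for a in s] for s in fuse(ALERTS)])
```

With these assumed weights the five constructed alerts collapse into two chronological sequences; the unrelated HTTP probe stays separate because its correlation degree with the SSH activity falls below the threshold.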