
Research On Network Anomaly Intrusion Detector Based On Extended Dempster-Shafer Evidence Fusion Algorithm

Posted on: 2009-04-18
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhao
GTID: 2178360245494418
Subject: Computer application technology

Abstract/Summary:
With the development of computer networks and the spread of their applications, more attention has been paid to computer security problems. As an important tool for assuring computer and network security, intrusion detection technology has become a hot research topic in recent years. With the growing complexity of attacks and the growth of network scale, network-based intrusion detection plays an increasingly important role in detecting intrusions. A network intrusion detection system (NIDS), which performs a series of tasks including monitoring, early warning, identification, decision-making and response, can carry out the important functions of network system confrontation. It is an important component of network security as a systematic project.

At present, network anomaly intrusion detection is still an active and difficult field in intrusion detection research. However, it has not been widely used in practice because of several issues, including a low detection rate, a limited detection range and the inability to perform real-time intrusion detection in large, high-speed networks. Network anomaly intrusion detection based on Dempster-Shafer (D-S) evidence theory, which is a form of unsupervised network intrusion detection, has attracted many researchers. But most of them stay with the application of classical D-S evidence theory, which cannot fuse some severely conflicting network data well, resulting in a higher false alarm rate and a higher missed alarm rate.

Based on the classical D-S evidence theory and an extended D-S evidence fusion theory proposed by Fabio et al, this paper presents a novel evidence fusion algorithm named EDS, which fuses severely conflicting evidence better and so obtains more reasonable results. The time complexity of EDS is only O(n), so its short execution cycle allows it to be applied to real-time detection.
EDS is then introduced into NIDS, and a real-time NEDS model is proposed based on it. The model reaches more reasonable conclusions for severely conflicting network data, so it reduces the false alarm rate and the missed alarm rate. It also covers a wide range of intrusions and can be adapted for real-time network detection. It is an unsupervised network anomaly detector that defines the probability assignment function based on the deviation from the expected variance of statistical characteristics. In addition, a rough-set classification mechanism for light-remarkable features is introduced to reduce the frequency of severely conflicting network data and to improve the accuracy of the feature learning process. A self-adaptive mechanism based on data distinction is also proposed to reflect the real state of network data flows.

Finally, experiments with the low-dimensional UCI WBCD dataset and the multi-dimensional KDD Cup 1999 dataset show that the detection engine of the model can achieve a higher detection rate with several selected features, under the premise of lower computational complexity and a lower false alarm rate. Furthermore, it can be applied to real-time detection and is immune to new-pattern intrusions.
Keywords/Search Tags: D-S evidence theory, extended, fusion, anomaly detection, intrusion detection
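
The weakness of the classical rule on severely conflicting evidence, which the abstract cites as its motivation, shown as an added example that is not taken from the thesis. It implements only the classical Dempster combination rule (not EDS, whose details the abstract does not give); the class labels and detector masses are constructed for illustration.

```python
from itertools import product

# Frame of discernment; class labels are constructed for this illustration.
THETA = frozenset({"normal", "dos", "probe"})


def dempster_combine(m1, m2):
    """Fuse two mass functions with the classical Dempster rule.

    Each mass function maps frozenset (a subset of THETA) -> belief mass.
    Returns (fused, k) where k is the mass that fell on empty intersections.
    """
    fused, k = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            k += wa * wb  # the two pieces of evidence contradict each other
    if not fused:
        raise ValueError("total conflict: the classical rule is undefined")
    norm = sum(fused.values())  # equals 1 - k
    return {s: w / norm for s, w in fused.items()}, k


def agreeing_detectors():
    # Constructed masses: both detectors lean towards "dos", rest is ignorance.
    m1 = {frozenset({"dos"}): 0.6, THETA: 0.4}
    m2 = {frozenset({"dos"}): 0.7, THETA: 0.3}
    return dempster_combine(m1, m2)


def conflicting_detectors():
    # Constructed masses: one detector is almost sure of "dos", the other of
    # "normal"; each leaves only 0.01 on "probe".
    m1 = {frozenset({"dos"}): 0.99, frozenset({"probe"}): 0.01}
    m2 = {frozenset({"normal"}): 0.99, frozenset({"probe"}): 0.01}
    return dempster_combine(m1, m2)


if __name__ == "__main__":
    for name, case in (("agreeing", agreeing_detectors),
                       ("conflicting", conflicting_detectors)):
        fused, k = case()
        print(name, "K=%.4f" % k,
              {"/".join(sorted(s)): round(w, 4) for s, w in fused.items()})
```

In the conflicting case the normalisation discards 99.99% of the evidence and assigns all remaining belief to "probe", the class both detectors considered least likely, which is how classical fusion can turn disagreement between features into a confident wrong verdict.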