A Design And Implementation For An Uncertainty Reasoning Network Intrusion Detection System

This paper is designed to investigate the intrusion detection system. The concept of network security is introduced briefly, and the technology of current intrusion detection is analyzed. The thesis also discusses the development trends of IDS and the existing problem in network security.The idea of constructing IDS combining data integration and evidential reasoning is based on the current problem of high false alarm rate in IDS. In order to test the validity of detection algorithm which is based on the evidential reasoning, a small-scale integrated system is constructed.Based on the ideas of information integration and evidential reasoning, the IDS model is proposed. Multi-source detection information for the same network event is obtained through various detection means. Some improvements are made in the classic bayes classification algorithm forming a classification algorithm which is used as a basic algorithm for the sensor.Tentative research is made in order to solve the problem that the automation is hardly gained in the basic probability assignment in evidential reasoning. This paper proposes an automatic generating method of the basic probability assignment which is called evidence generating model.The integration algorithm is process and a general detection conclusion is drawn by making use of synthesis formula of Dempster-Shafer theory in evidential reasoning. The process of information integration is designed, and the evidential integration is processed using the evidential synthesis rules, then the property of events is decided using evidential decision-making rules, therefore the evidential reasoning algorithm of D-S theory is implemented. The feasibility of the evidential reasoning in IDS is validated through simulation experiment which reveals that the IDS based on the evidential reasoning can increase the detection accuracy and decrease the false alarm rate.This paper analyzes the algorithm for the key components of the Intrusion Detection system and makes some improvement. The tentative study of IDS based on the evidential reasoning has real-time effect, and the false alarm rate and false positive rate are reduced.