Research Of Intrusion Detection Systems Base On Data Fusion Technology

Posted on: 2011-12-31
Degree: Master
Type: Thesis
Country: China
Candidate: B Li
GTID: 2178360308964854
Subject: Computer software and theory
Abstract/Summary:
With the widespread application of information technology and computer networks, information and network security have become more critical. Following firewalls, VPNs, data encryption and other traditional security measures, intrusion detection has become a new generation of security technology. As a network security technology, intrusion detection provides real-time monitoring of internal attacks, external attacks and misoperation, and can intercept an intrusion before systems and networks are endangered. However, most current intrusion detection systems suffer from problems such as isolated alarms, a high false positive rate and a low detection rate. How to resolve these problems has therefore become one of the hot topics in the security field.

Data fusion is a continuous process dealing with the association, correlation and combination of data and information from multiple sources. This process is used to achieve refined condition estimation of machinery and to complete timely situation assessment and threat assessment. The data fusion algorithm and fusion efficiency still need to be improved.

This paper analyzes the current status of intrusion detection technology and data fusion technology. Aiming at the shortcomings of current intrusion detection systems, we bring data fusion technology into distributed intrusion detection systems and put forward a suitable model of a distributed intrusion detection system based on data fusion. Through multi-level data fusion processing, this model performs alarm data gathering, alarm data preprocessing, alarm data fusion, attack attempt analysis, situation assessment and threat assessment as separate functions.

This paper primarily designs and implements data fusion algorithms for the functional requirements of the data preprocessing layer and the data fusion layer. It brings an adaptive alert fusion approach into the data preprocessing layer to reduce the quantity of alert data on a single IDS and improve the adaptability of the system, and brings an algorithm based on fuzzy comprehensive evaluation into the alarm data gathering layer to reduce false positive alerts and duplicate alerts. The accuracy rate will be improved significantly by using the confidence learning method. The experiments show that the algorithm is effective at reducing alert data and false positive alerts and at improving the correct detection rate.
Keywords/Search Tags: Data Fusion, Fuzzy Comprehensive Evaluation, Intrusion Detection, Network Security