Alert Fusion of Intrusion Detection Systems Using Fuzzy Dempster-Shafer Theory

Distributed intrusion detection systems are often used to improve the performance and reliability of inference over a single intrusion detection system. A distributed IDS uses evidence theory to combine evidence from multiple sources of information to infer the presence of an attack. Traditional evidence theory handles uncertainty due to randomness. However, in a distributed IDS the inferences provided by the individual IDSs are usually fuzzy in nature. The present work shows the design of a framework for the fusion of alerts from multiple IDSs involving both types of uncertainty. The modified framework is designed by incorporating fuzzy theory into the existing evidence theory and has been demonstrated against the DARPA99 dataset.
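
The evidence-combination step the abstract refers to, shown here with the classical Dempster rule of combination as an added example (not code from the paper, and without the paper's fuzzy extension). The two sensors, their names and their mass values are constructed for illustration.

```python
from itertools import product

ATTACK, NORMAL = "attack", "normal"
THETA = frozenset({ATTACK, NORMAL})  # frame of discernment; mass on THETA = "don't know"


def combine(m1, m2):
    """Dempster's rule: m(A) = sum over B∩C=A of m1(B)*m2(C), divided by (1 - K)."""
    fused, conflict = {}, 0.0
    for (b, mass_b), (c, mass_c) in product(m1.items(), m2.items()):
        inter = b & c
        if inter:
            fused[inter] = fused.get(inter, 0.0) + mass_b * mass_c
        else:
            conflict += mass_b * mass_c  # K: mass on contradictory pairs
    if conflict >= 1.0 - 1e-12:
        # Sensors fully contradict each other; the rule is undefined here.
        raise ValueError("total conflict between sources (K = 1)")
    return {a: v / (1.0 - conflict) for a, v in fused.items()}, conflict


def belief(m, hyp):
    """Bel(H): total mass committed to subsets of H (lower bound)."""
    return sum(v for a, v in m.items() if a <= hyp)


def plausibility(m, hyp):
    """Pl(H): total mass not contradicting H (upper bound)."""
    return sum(v for a, v in m.items() if a & hyp)


def fuse_alerts():
    # Constructed sample masses for two hypothetical sensors scoring the same event.
    ids_a = {frozenset({ATTACK}): 0.6, frozenset({NORMAL}): 0.1, THETA: 0.3}
    ids_b = {frozenset({ATTACK}): 0.7, frozenset({NORMAL}): 0.2, THETA: 0.1}
    fused, k = combine(ids_a, ids_b)
    hyp = frozenset({ATTACK})
    return fused, k, belief(fused, hyp), plausibility(fused, hyp)


if __name__ == "__main__":
    fused, k, bel, pl = fuse_alerts()
    print(f"conflict K={k:.2f}  Bel(attack)={bel:.3f}  Pl(attack)={pl:.3f}")
```

The interval between Bel(attack) and Pl(attack) is the residual ignorance after fusion. A conflict K close to 1 means the sensors disagree so strongly that the normalised result should not be trusted without review.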
