Grey-theory based intrusion detection model

Abstract: Current intrusion detection models need large-scale data to formulate the model in real-time use. To solve this problem, an intrusion detection system model based on grey theory (GTIDS) is presented. Grey theory has the merits of requiring less original data, placing fewer limitations on the distribution pattern, and using a simpler modeling algorithm. With these merits, GTIDS constructs its model from a partial time sequence to rapidly detect intrusive acts in a secure system. In this detection model, the rates of false drop and false retrieval are effectively reduced by modeling twice and repeating detection on the target data. Furthermore, the GTIDS framework and the specific process of the modeling algorithm are presented. The effectiveness of GTIDS is proved through emulated experiments comparing it with Snort and the next-generation intrusion detection expert system (NIDES) of SRI International.
