Intrusion Detection Engine Based on Dempster-Shafer's Theory of Evidence

In the decision-making process, uncertainty in the network often causes intrusion detection to fail or to achieve a low detection rate. The Dempster-Shafer theory of evidence, used in data fusion, solves the problem of how to analyze this uncertainty quantitatively. In the evaluation, the ingoing and outgoing traffic ratio and the service rate are selected as the detection metrics, and prior knowledge of the DDoS domain is proposed as the basis for assigning probability to evidence. The combination rule is then used to combine the data collected by two sensors. Curves showing how the belief mass function varies with time are also presented in the paper. Finally, analysis of the experimental results proves the intrusion detection engine to be efficient and applicable. The conclusions provide us with the academic foundation for our future implementation.
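The combination step described in the abstract, as an added example that is not code from the paper: Dempster's rule fusing two sensors' mass functions over the frame {attack, normal}, with belief and plausibility read off the result. The mass values are constructed for illustration; how the paper derives them from the traffic ratio and service rate is not given on this page.

```python
from itertools import product

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # whole frame: mass here means "sensor cannot tell"

def combine(m1, m2):
    """Dempster's rule: m(A) = sum over B&C==A of m1(B)*m2(C), divided by 1-K.

    K is the mass landing on the empty set, i.e. how much the sensors conflict.
    Returns (fused mass function, K).
    """
    fused, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        inter = b & c
        if inter:
            fused[inter] = fused.get(inter, 0.0) + mb * mc
        else:
            conflict += mb * mc
    if conflict >= 1.0 - 1e-12:
        # Fully contradictory sensors: normalisation would divide by zero.
        raise ValueError("total conflict between sensors, rule undefined")
    return {a: v / (1.0 - conflict) for a, v in fused.items()}, conflict

def belief(m, hyp):
    """Lower bound: mass committed to subsets of the hypothesis."""
    return sum(v for a, v in m.items() if a <= hyp)

def plausibility(m, hyp):
    """Upper bound: mass not contradicting the hypothesis."""
    return sum(v for a, v in m.items() if a & hyp)

# Constructed sample masses for one time step (assumed values, not the paper's).
SENSOR_TRAFFIC_RATIO = {ATTACK: 0.6, NORMAL: 0.1, THETA: 0.3}
SENSOR_SERVICE_RATE = {ATTACK: 0.5, NORMAL: 0.2, THETA: 0.3}

def fuse_sample():
    return combine(SENSOR_TRAFFIC_RATIO, SENSOR_SERVICE_RATE)

if __name__ == "__main__":
    fused, k = fuse_sample()
    print(f"conflict K = {k:.3f}")
    print(f"Bel(attack) = {belief(fused, ATTACK):.3f}, "
          f"Pl(attack) = {plausibility(fused, ATTACK):.3f}")
```

The gap between belief and plausibility is the residual ignorance after fusion, and a conflict value near 1 signals that the two sensors disagree and the fused result should not be trusted.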
