一种基于多参数的IDS决策过程研究

Research on Decision-Making of IDS with Multiple Parameters

  • 摘要: 讨论了将数据融合技术运用到入侵检测系统中的方法,并提出了一个基于数据融合技术的入侵检测机制-DFIDM。在该机制中,有多个检测器搜集系统日志文件、网络流量信息、网络数据包等数据,这些数据在通过了本地决策、数据提取和对象提取阶段等预处理过程之后,传送到融合中心进行决策,重点研究了决策过程所涉及的多参数问题。为此,系统设计了检测器可靠性、时间因素、空间因素等五个主要因素参与融合与决策。最后通过实验证明,采用了该机制的入侵检测系统具有更好的准确性。

     

    Abstract: This paper introduces a method of intrude detection based on data fusion, and presents a new mechanism-DFIDM. In DFIDM, a few of sensors are configured to collect data, such as log file, information of network traffics and data package of network. After some pretreatments such as local decision-making, Data refinement, and object refinement, these data will be transferred to fusion center. In this paper, we mainly research the multiple parameters of final decision-making, such as reliability of sensors, the factor of time, the factor of space. As it showed by the research result this mechanism can improve the veracity of IDS.

     

/

返回文章
返回