An Application of Simulated Annealing Algorithm in Model-Based Reasoning Intrusion Detection

It is needed to search among all the possible attack subsets and to match the events recorded in the audit trail. To make a decision about the realism of the hypothesis corresponding to a particular subset is difficult in model-based reasoning Intrusion Detection System. We present using Simulated Annealing(SA) algorithm to solve this NP-complete problem. Modeling a optimizing issue of attack detection first, and give the solve space, the target function, the creation of new solution and accept the standard, we got a reasonable cooling schedule. The parallelization of SA algorithm is also presented. The experiments indicate that the SA algorithm can improve the evolution speed and the abilities of seeking the global excellent result, and resolve to the efficiency problem of searching well.