Authors:
Guangsheng Feng; Huiqiang Wang and Qian Zhao
Affiliation:
College of Computer Science and Technology, Harbin Engineering University, China
Keyword(s):
Intrusion detection systems, Dempster-Shafer theory, data fusion, classification.
Related Ontology Subjects/Areas/Topics:
Internet Technology; Intrusion Detection and Response; Network Systems, Proxies and Servers; Web Information Systems and Technologies
Abstract:
As the number of alarms generated by intrusion detection systems (IDS) keeps growing, automatic classification tools have been proposed to cope with the huge volume of alarms. In addition, it has been shown that accurate classification requires evidence from different sources, such as different IDS. Furthermore, Dempster-Shafer theory is a powerful tool for dealing with uncertain information. This paper proposes a multiple-level classification model, which aims to classify large volumes of alarms accurately. Experimental results show that this approach has an outstanding classification capability. In particular, it is quite effective at avoiding grouping alarms into the wrong classes when evidence is scarce.