A three-level-module adaptive intrusion detection system

Lin Hui Zhao; Yumin Wang; Jing Xiao; Ya Ping Dai; Fang Yan Dong; Hai Le Liu

doi:10.1109/ICNSC.2007.372890

A three-level-module adaptive intrusion detection system

Lin Hui Zhao^*, Yumin Wang, Jing Xiao, Ya Ping Dai, Fang Yan Dong, Hai Le Liu

^*Corresponding author for this work

School of Automation

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

Based on the Danger theory, the immune network theory and the decision templates fusion algorithm, a three-level-module adaptive intrusion detection system (TAIDS) is presented in this paper. To consider the effect of danger signals, the results of decision templates algorithm are redefined by adding a kind of suspicion signal. So, the detection templates should be modified online, and a template-adjustable adaptive decision fusion algorithm is proposed. There are two benefits in the TAIDS. First, when it is difficult to distinguish current behaviors depending on familiar features, The TAIDS will discriminate them by means of danger theory, making false alarms reduced and the ability of identifying novel attacks enhanced Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating. Experiments are carried out on KDD-CUP-99 database to verify the performance of this system. The false positive rate is 2.27%,and the accuracies on known attacks and on unknown attacks are respectively 97.67% and 98.75%.

Original language	English
Title of host publication	2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07
Pages	840-845
Number of pages	6
DOIs	https://doi.org/10.1109/ICNSC.2007.372890
Publication status	Published - 2007
Event	2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07 - London, United Kingdom Duration: 15 Apr 2007 → 17 Apr 2007

Publication series

Name	2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07

Conference

Conference	2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07
Country/Territory	United Kingdom
City	London
Period	15/04/07 → 17/04/07

Keywords

Danger theory
Data fusion algorithm
Intrusion detection

Access to Document

10.1109/ICNSC.2007.372890

Cite this

Zhao, L. H., Wang, Y., Xiao, J., Dai, Y. P., Dong, F. Y., & Liu, H. L. (2007). A three-level-module adaptive intrusion detection system. In 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07 (pp. 840-845). Article 4239103 (2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07). https://doi.org/10.1109/ICNSC.2007.372890

@inproceedings{15a9ee63aeff4ce7ad1693401eb7c20c,

title = "A three-level-module adaptive intrusion detection system",

abstract = "Based on the Danger theory, the immune network theory and the decision templates fusion algorithm, a three-level-module adaptive intrusion detection system (TAIDS) is presented in this paper. To consider the effect of danger signals, the results of decision templates algorithm are redefined by adding a kind of suspicion signal. So, the detection templates should be modified online, and a template-adjustable adaptive decision fusion algorithm is proposed. There are two benefits in the TAIDS. First, when it is difficult to distinguish current behaviors depending on familiar features, The TAIDS will discriminate them by means of danger theory, making false alarms reduced and the ability of identifying novel attacks enhanced Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating. Experiments are carried out on KDD-CUP-99 database to verify the performance of this system. The false positive rate is 2.27%,and the accuracies on known attacks and on unknown attacks are respectively 97.67% and 98.75%.",

keywords = "Danger theory, Data fusion algorithm, Intrusion detection",

author = "Zhao, {Lin Hui} and Yumin Wang and Jing Xiao and Dai, {Ya Ping} and Dong, {Fang Yan} and Liu, {Hai Le}",

year = "2007",

doi = "10.1109/ICNSC.2007.372890",

language = "English",

isbn = "1424410762",

series = "2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07",

pages = "840--845",

booktitle = "2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07",

note = "2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07 ; Conference date: 15-04-2007 Through 17-04-2007",

}

Zhao, LH, Wang, Y, Xiao, J, Dai, YP, Dong, FY & Liu, HL 2007, A three-level-module adaptive intrusion detection system. in 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07., 4239103, 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07, pp. 840-845, 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07, London, United Kingdom, 15/04/07. https://doi.org/10.1109/ICNSC.2007.372890

A three-level-module adaptive intrusion detection system. / Zhao, Lin Hui; Wang, Yumin; Xiao, Jing et al.
2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07. 2007. p. 840-845 4239103 (2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A three-level-module adaptive intrusion detection system

AU - Zhao, Lin Hui

AU - Wang, Yumin

AU - Xiao, Jing

AU - Dai, Ya Ping

AU - Dong, Fang Yan

AU - Liu, Hai Le

PY - 2007

Y1 - 2007

N2 - Based on the Danger theory, the immune network theory and the decision templates fusion algorithm, a three-level-module adaptive intrusion detection system (TAIDS) is presented in this paper. To consider the effect of danger signals, the results of decision templates algorithm are redefined by adding a kind of suspicion signal. So, the detection templates should be modified online, and a template-adjustable adaptive decision fusion algorithm is proposed. There are two benefits in the TAIDS. First, when it is difficult to distinguish current behaviors depending on familiar features, The TAIDS will discriminate them by means of danger theory, making false alarms reduced and the ability of identifying novel attacks enhanced Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating. Experiments are carried out on KDD-CUP-99 database to verify the performance of this system. The false positive rate is 2.27%,and the accuracies on known attacks and on unknown attacks are respectively 97.67% and 98.75%.

AB - Based on the Danger theory, the immune network theory and the decision templates fusion algorithm, a three-level-module adaptive intrusion detection system (TAIDS) is presented in this paper. To consider the effect of danger signals, the results of decision templates algorithm are redefined by adding a kind of suspicion signal. So, the detection templates should be modified online, and a template-adjustable adaptive decision fusion algorithm is proposed. There are two benefits in the TAIDS. First, when it is difficult to distinguish current behaviors depending on familiar features, The TAIDS will discriminate them by means of danger theory, making false alarms reduced and the ability of identifying novel attacks enhanced Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating. Experiments are carried out on KDD-CUP-99 database to verify the performance of this system. The false positive rate is 2.27%,and the accuracies on known attacks and on unknown attacks are respectively 97.67% and 98.75%.

KW - Danger theory

KW - Data fusion algorithm

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=34748833420&partnerID=8YFLogxK

U2 - 10.1109/ICNSC.2007.372890

DO - 10.1109/ICNSC.2007.372890

M3 - Conference contribution

AN - SCOPUS:34748833420

SN - 1424410762

SN - 9781424410767

T3 - 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07

SP - 840

EP - 845

BT - 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07

T2 - 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07

Y2 - 15 April 2007 through 17 April 2007

ER -

A three-level-module adaptive intrusion detection system

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this