All Title Author
Keywords Abstract

Research of Intelligent Rule-base Based on Multilayer Intrusion Detection

DOI: 10.4304/jcp.4.6.453-460

Keywords: Misuse detection , Anomaly detection , Intelligent rule-base

Full-Text   Cite this paper   Add to My Lib


This paper presents a method to establish a rulebase based on multilayer intrusion detection. This rulebase contains two parts: the rulebase based on IP layer intrusion detection and the rulebase based on application layer intrusion detection. The former adopts a mixed quadratic network statistical model to test network traffic which has performances of dynamic principle and low False Positive Probability ( FPP) and low False Negative Probability ( FNP), and the rulebase is established using the twice-aggregation method. The latter is established by improved Snort. The simulation has proved that this intelligent rulebase can improve detection rate and ability to a large degree, and has low FPP and FNP.


comments powered by Disqus