%0 Journal Article
%T Research of Intelligent Rule-base Based on Multilayer Intrusion Detection
%A Zhixin Sun
%A Lin Jiao
%J Journal of Computers
%D 2009
%I Academy Publisher
%R 10.4304/jcp.4.6.453-460
%X This paper presents a method to establish a rulebase based on multilayer intrusion detection. This rulebase contains two parts: the rulebase based on IP layer intrusion detection and the rulebase based on application layer intrusion detection. The former adopts a mixed quadratic network statistical model to test network traffic which has performances of dynamic principle and low False Positive Probability ( FPP) and low False Negative Probability ( FNP), and the rulebase is established using the twice-aggregation method. The latter is established by improved Snort. The simulation has proved that this intelligent rulebase can improve detection rate and ability to a large degree, and has low FPP and FNP.
%K Misuse detection
%K Anomaly detection
%K Intelligent rule-base
%U http://ojs.academypublisher.com/index.php/jcp/article/view/700