Danger model-based three-level-module intrusion detection system
基于危险模型的三级模块式入侵检测系统

Based on Danger theory and data fusion technology, a new Danger model-inspired three-level-module intrusion detection system was presented. Also, an adaptive decision templates algorithm was derived, realizing the online automatic regulation on detection templates. There are two characteristics of the system. First, when it is difficult to distinguish current behaviors according to the present knowledge, this system will discriminate them by means of danger signals, thus false alarms are reduced and the ability of identifying novel attacks is enhanced. Second, the adaptive decision templates algorithm allows detection templates to modify dynamically without periodical updating, which enables the system to be adapted to a changing environment, and also increases the accuracy on unknown attacks. Experimental results on test data from KDD-CUP-99 database were reported to show the effectiveness of this system.