
JOURNAL OF COMPUTERS (JCP)
ISSN : 1796-203X
Volume : 4 Issue : 6 Date : June 2009
Research of Intelligent Rule-base Based on Multilayer Intrusion Detection
Zhixin Sun and Lin Jiao
Page(s): 453-460
Abstract
This paper presents a method to establish a rulebase based on multilayer intrusion detection. This
rulebase contains two parts: the rulebase based on IP layer intrusion detection and the rulebase
based on application layer intrusion detection. The former adopts a mixed quadratic network
statistical model to test network traffic; the model is dynamic and has a low False Positive
Probability (FPP) and a low False Negative Probability (FNP), and the rulebase is
established using the twice-aggregation method. The latter is established using an improved Snort. The
simulation has proved that this intelligent rulebase can greatly improve the detection rate and
detection ability, and has low FPP and FNP.
Index Terms
Misuse detection, Anomaly detection, Intelligent rule-base


