ISSN: 1796-203X
Volume: 4, Issue: 6, Date: June 2009

Research of Intelligent Rule-base Based on Multilayer Intrusion Detection
Zhixin Sun and Lin Jiao
Page(s): 453-460

This paper presents a method for establishing a rulebase based on multilayer intrusion detection. The
rulebase has two parts: a rulebase based on IP layer intrusion detection and a rulebase based on
application layer intrusion detection. The former adopts a mixed quadratic network statistical model
to test network traffic; the model works on a dynamic principle and has a low False Positive
Probability (FPP) and a low False Negative Probability (FNP), and the rulebase is established using
the twice-aggregation method. The latter is established using an improved Snort. The simulation has
proved that this intelligent rulebase can improve detection rate and detection ability to a large
degree, and has low FPP and FNP.

Index Terms
Misuse detection, Anomaly detection, Intelligent rule-base