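Three-level modular intrusion detection system based on the danger model
Cite this article: ZHAO Lin-hui, DAI Ya-ping, FU Dong-mei, DONG Fang-yan. Three-level modular intrusion detection system based on the danger model[J]. Journal of Computer Applications, 2006, 26(10): 2310-2314.
Authors: ZHAO Lin-hui  DAI Ya-ping  FU Dong-mei  DONG Fang-yan
Affiliations: School of Information Science and Technology, Beijing Institute of Technology, Beijing 100081; Department of Computational Intelligence and Systems Science, Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of Technology, Yokohama 226-8502, Japan
Funding: Ordnance Science and Technology Pre-research Fund; Beijing Institute of Technology university research and teaching reform project
Abstract: Using danger theory and data fusion techniques, a three-level modular intrusion detection system based on the danger model is proposed, and an adaptive decision template algorithm is proposed in the third-level module, achieving online automatic correction of the detection templates. The advantages of the system are: when existing knowledge makes it difficult to give a detection result, the system makes its judgment according to whether a danger signal is present, which not only reduces false alarms but also improves the ability to recognize unknown attacks; with the adaptive decision template algorithm, the system's detection templates can be adjusted online without periodic updates, so the system can adapt to environments where behavior changes frequently, which in turn improves its ability to detect unknown attacks. Experiments on the KDD-CUP-99 database verify the effectiveness of the system.

Keywords: danger theory  danger model  intrusion detection  data fusion
Article ID: 1001-9081(2006)10-2310-05
Received: 2006-04-03
Revised: 2006-04-03; 2006-06-09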

Danger model-based three-level-module intrusion detection system
ZHAO Lin-hui, DAI Ya-ping, FU Dong-mei, DONG Fang-yan. Danger model-based three-level-module intrusion detection system[J]. Journal of Computer Applications, 2006, 26(10): 2310-2314.
Authors: ZHAO Lin-hui  DAI Ya-ping  FU Dong-mei  DONG Fang-yan
Abstract: Based on danger theory and data fusion technology, a new danger model-inspired three-level-module intrusion detection system is presented. An adaptive decision templates algorithm is also derived, which realizes online automatic regulation of the detection templates. The system has two characteristics. First, when it is difficult to classify current behaviors from present knowledge, the system discriminates them by means of danger signals, so false alarms are reduced and the ability to identify novel attacks is enhanced. Second, the adaptive decision templates algorithm allows the detection templates to be modified dynamically without periodic updating, which enables the system to adapt to a changing environment and also increases accuracy on unknown attacks. Experimental results on test data from the KDD-CUP-99 database are reported to show the effectiveness of the system.
Keywords: danger theory  danger model  intrusion detection  data fusion
This article is indexed in CNKI, VIP, Wanfang Data and other databases.