Efficient Intrusion Detection Using Evidence Theory
This work addresses reliability issues in intrusion detection for computer and network security, representing an incremental improvement in the field.
The paper tackled the problem of handling sources' reliability in intrusion detection systems by proposing a novel contextual discounting method based on Dempster-Shafer theory, achieving performance that outperformed some state-of-the-art methods on the challenging KDDTest-21 dataset.
Intrusion Detection Systems (IDS) are now an essential element when it comes to securing computers and networks. Despite the huge research efforts done in the field, handling sources' reliability remains an open issue. To address this problem, this paper proposes a novel contextual discounting method based on sources' reliability and their distinguishing ability between normal and abnormal behavior. Dempster-Shafer theory, a general framework for reasoning under uncertainty, is used to construct an evidential classifier. The NSL-KDD dataset, a significantly revised and improved version of the existing KDDCUP'99 dataset, provides the basis for assessing the performance of our new detection approach. While giving comparable results on the KDDTest+ dataset, our approach outperformed some other state-of-the-art methods on the KDDTest-21 dataset which is more challenging.