Journal of Xi'an Jiaotong University, Vol.39 No.04, Nov. 2005

Defense-in-Depth Adaptive Intrusion Detection System

Wang Wei, Chen Xiuzhen, Guan Xiaohong, Zhang Xiangliang
(School of Electronics and Information Engineering, Xi'an Jiaotong University, Xi'an 710049, China)

Abstract: Aiming at detecting intrusions comprehensively and at improving detection accuracy, a novel model of a defense-in-depth adaptive intrusion detection system (IDS) is presented. In this model, the behaviors in a computer system are monitored in the general order in which attacks take effect and are divided into three layers: network behaviors, user behaviors and system behaviors. Various methods are then applied to process the data streams obtained in the three layers (network packets, keystrokes, audit trails, command sequences, the file system and system calls) for intrusion detection. The final decision on whether an intrusion has occurred is made by combining the six individual inferences using an information fusion technique. Based on the risk assessment method proposed in this paper, an efficient adaptive policy is also derived for the IDS to reduce its consumption of system resources. The model is tested, and the results show that it detects intrusions effectively and balances system security against performance adaptively and dynamically. The model is also promising in terms of detection accuracy, system resource requirements and practical implementation.