Skip to Main Content
In this paper, the constant false alarm rate (CFAR) detectors are proposed for network intrusion detection. By using an autoregressive system to model the network traffic, predictor error is shown to closely follow a Gaussian distribution. CFAR detector approaches are then developed on the prediction error distribution. In the present study, we consider the optimal CFAR, the cell-averaging CFAR, and the order statistics CFAR. The use of these CFAR techniques can significantly improve the detection performance. In addition, we propose the use of fusion of these CFAR detectors by using Dempster-Shafer and Bayesian techniques. Computer simulations based on the DARPA traffic data show that the proposed approach achieves higher detection probabilities than the conventional detection method. Even under different types of attacks, the intrusion detection performances based on the proposed CFAR detectors shows consistent improvement.