Existing intrusion detection systems are of varied types and hence show distinct preferences, detecting certain types of attacks with improved accuracy while performing moderately on other types. With the advances in sensor fusion, it has become possible to obtain a more reliable and accurate decision for a wider class of attacks by combining the decisions of multiple intrusion detection systems. In this paper, an architecture using data-dependent decision fusion is proposed. The method gathers an in-depth understanding of the input traffic and of the behavior of the individual intrusion detection systems by means of a neural network supervised learner unit. This information is used to fine-tune the fusion unit, since the fusion depends on the input feature vector. For illustrative purposes, three intrusion detection systems, PHAD, ALAD, and Snort, have been considered using the DARPA 1999 dataset in order to validate the proposed architecture. The overall performance of the proposed sensor fusion system shows considerable improvement in comparison to the performance of the individual intrusion detection systems.
Date of Conference: 17-20 June 2008