Case representation is a key issue in case-based reasoning (CBR). This paper introduces a novel object-oriented model for representing cases and applies it to intrusion detection systems (IDS) in order to solve the over-sensitive alarm problem that remains in most commercial IDSs. In this model we represent the complex structural information of a case through a class hierarchy. The new method not only overcomes the limitation that traditional attribute-value case representation cannot represent complex cases, but also combines domain knowledge and case representation through constraint rules. For case similarity, we distinguish two categories, intra-class similarity and inter-class similarity, which proves more accurate and convenient. The object-oriented case representation has been used in our own IDS product, where it plays a quite efficient role in mitigating over-sensitive alarm problems.
Date of Conference: 1-3 June 2009