Network attack detection using Weighted Dempster-Shafer evidence theory
An Intrusion Detection System (IDS) identifies whether input traffic is normal or an intrusive activity. To improve the performance of the IDS, this paper proposes a classifier fusion algorithm based on Weighted Dempster-Shafer theory. The highlight of this classifier fusion algorithm is that it also considers the input data in the final decision process, by taking the product of the weighted score and the anomaly score as the Basic Probability Assignment (BPA) value for Weighted Dempster-Shafer theory. The proposed system has a multiple IDS unit (MIU) with five IDSs, each having different algorithms of anomaly-based and misuse-based detection techniques. The selected features of the input traffic data are passed to each IDS in the MIU, and it gives out five anomaly scores for five attack types. The maximum anomaly score obtained from the IDS and a new parameter called the weighted score are used in Weighted Dempster-Shafer theory to make the final decision. The weighted score is obtained by passing the maximum anomaly score and the selected input traffic to the Neural Network learner unit. The NSL-KDD dataset, with 41 features, is used to evaluate the performance of the proposed system. The best 27 features out of the 41 are selected using a Genetic Algorithm to reduce the computation time. The proposed system outperforms existing fusion methods in terms of detection rate and false alarm rate.
Keywords: Intrusion Detection System (IDS), Weighted Dempster-Shafer theory, Basic Probability Assignment (BPA), Anomaly-based, Misuse-based.
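The fusion step described in the abstract, as an added sketch that is not the paper's code: each IDS reports its top class, and the product of its anomaly score and weighted score becomes the BPA mass on that class. Assumptions made here: the class labels, the placement of the remaining mass on the whole frame (ignorance), the use of the standard Dempster rule of combination, and the constructed sample scores.

```python
from functools import reduce

# Frame of discernment: assumed class labels (the usual NSL-KDD categories).
THETA = frozenset({"normal", "dos", "probe", "r2l", "u2r"})

def bpa(label, anomaly_score, weighted_score):
    """BPA for one IDS: product of the two scores on its top class, rest on THETA."""
    mass = anomaly_score * weighted_score
    if label not in THETA or not 0.0 <= mass <= 1.0:
        raise ValueError(f"bad report: {label!r}, mass={mass}")
    return {frozenset({label}): mass, THETA: 1.0 - mass}

def combine(m1, m2):
    """Dempster's rule: multiply masses, intersect focal sets, renormalise by 1-K."""
    joint, conflict = {}, 0.0
    for a, mass_a in m1.items():
        for b, mass_b in m2.items():
            common = a & b
            if common:
                joint[common] = joint.get(common, 0.0) + mass_a * mass_b
            else:
                conflict += mass_a * mass_b  # K: mass on contradictory verdicts
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {s: m / (1.0 - conflict) for s, m in joint.items()}

def fuse(reports):
    """Fuse (label, anomaly_score, weighted_score) reports; return (decision, masses)."""
    fused = reduce(combine, (bpa(*r) for r in reports))
    singles = {next(iter(s)): m for s, m in fused.items() if len(s) == 1}
    return max(singles, key=singles.get), fused

# Constructed sample: five IDS outputs for one connection record.
REPORTS = [
    ("dos", 0.9, 0.8),
    ("dos", 0.7, 0.6),
    ("probe", 0.6, 0.5),
    ("dos", 0.8, 0.9),
    ("normal", 0.5, 0.2),
]

if __name__ == "__main__":
    decision, masses = fuse(REPORTS)
    print(decision, {"/".join(sorted(s)): round(m, 3) for s, m in masses.items()})
```

An IDS with a low weighted score contributes little mass to its verdict, so a confident but historically unreliable detector cannot outvote the others; two fully certain, contradictory detectors raise an error instead of dividing by zero.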