Efficient Intrusion Detection Using Evidence Theory
Islam Debicha, Thibault Debatty, Wim Mees, Jean-Michel Dricot

TL;DR
This paper introduces a new evidence-based intrusion detection method that accounts for source reliability, using Dempster-Shafer theory, and demonstrates improved performance on a challenging dataset compared to existing methods.
Contribution
A novel contextual discounting approach based on source reliability within an evidential classifier using Dempster-Shafer theory is proposed.
Findings
Outperforms state-of-the-art methods on KDDTest-21 dataset
Achieves comparable results on KDDTest+ dataset
Effectively handles source reliability in intrusion detection
Abstract
Intrusion Detection Systems (IDS) are now an essential element in securing computers and networks. Despite the extensive research effort in the field, handling the reliability of sources remains an open issue. To address this problem, this paper proposes a novel contextual discounting method based on sources' reliability and their ability to distinguish between normal and abnormal behavior. Dempster-Shafer theory, a general framework for reasoning under uncertainty, is used to construct an evidential classifier. The NSL-KDD dataset, a significantly revised and improved version of the existing KDDCUP'99 dataset, provides the basis for assessing the performance of our new detection approach. While giving comparable results on the KDDTest+ dataset, our approach outperformed some other state-of-the-art methods on the more challenging KDDTest-21 dataset.
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
