Optimum response scheme of intrusion detection based on information theory
Intrusion detection system (IDS) often inevitably presents major security risks caused by FPs and FNs.However,at present,an effective solution has not been found.In order to solve this problem,an optimal response model of intrusion detection based on information theory was proposed.Firstly,the intru...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2020-07-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020111/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539270741852160 |
|---|---|
| author | Youliang TIAN Yulong WU Qiuxian LI |
| author_facet | Youliang TIAN Yulong WU Qiuxian LI |
| author_sort | Youliang TIAN |
| collection | DOAJ |
| description | Intrusion detection system (IDS) often inevitably presents major security risks caused by FPs and FNs.However,at present,an effective solution has not been found.In order to solve this problem,an optimal response model of intrusion detection based on information theory was proposed.Firstly,the intruder and IDS in the process of intrusion detection were abstracted into random variables,and the attack and defense model of intruder and IDS was constructed according to the results of the confrontation.Secondly,the defense channel of IDS was designed according to the attack and defense model,then the correct detection of IDS was transformed into the problem of successful transmission of 1 bit information in defensive channel.Finally,the defensive capability of the system was measured by analyzing the channel capacity of the defensive channel,the maximum mutual information of the defensive channel was the defensive limit capability of the IDS,and the corresponding strategy distribution was the optimal response strategy of the defensive capability of the system.The experimental results show that the scheme can effectively reduce the loss caused by FPs and FNs. |
| format | Article |
| id | doaj-art-41db9138a7ed464ea11400b212456b81 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2020-07-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-41db9138a7ed464ea11400b212456b812025-01-14T07:19:42ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2020-07-014112113059736714Optimum response scheme of intrusion detection based on information theoryYouliang TIANYulong WUQiuxian LIIntrusion detection system (IDS) often inevitably presents major security risks caused by FPs and FNs.However,at present,an effective solution has not been found.In order to solve this problem,an optimal response model of intrusion detection based on information theory was proposed.Firstly,the intruder and IDS in the process of intrusion detection were abstracted into random variables,and the attack and defense model of intruder and IDS was constructed according to the results of the confrontation.Secondly,the defense channel of IDS was designed according to the attack and defense model,then the correct detection of IDS was transformed into the problem of successful transmission of 1 bit information in defensive channel.Finally,the defensive capability of the system was measured by analyzing the channel capacity of the defensive channel,the maximum mutual information of the defensive channel was the defensive limit capability of the IDS,and the corresponding strategy distribution was the optimal response strategy of the defensive capability of the system.The experimental results show that the scheme can effectively reduce the loss caused by FPs and FNs.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020111/intrusion detection systemaverage mutual informationchannel capacitydetection rateresponse scheme |
| spellingShingle | Youliang TIAN Yulong WU Qiuxian LI Optimum response scheme of intrusion detection based on information theory Tongxin xuebao intrusion detection system average mutual information channel capacity detection rate response scheme |
| title | Optimum response scheme of intrusion detection based on information theory |
| title_full | Optimum response scheme of intrusion detection based on information theory |
| title_fullStr | Optimum response scheme of intrusion detection based on information theory |
| title_full_unstemmed | Optimum response scheme of intrusion detection based on information theory |
| title_short | Optimum response scheme of intrusion detection based on information theory |
| title_sort | optimum response scheme of intrusion detection based on information theory |
| topic | intrusion detection system average mutual information channel capacity detection rate response scheme |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2020111/ |
| work_keys_str_mv | AT youliangtian optimumresponseschemeofintrusiondetectionbasedoninformationtheory AT yulongwu optimumresponseschemeofintrusiondetectionbasedoninformationtheory AT qiuxianli optimumresponseschemeofintrusiondetectionbasedoninformationtheory |