ETRI Journal (Aug 2017)
Network Intrusion Detection Based on Directed Acyclic Graph and Belief Rule Base
Abstract
Intrusion detection is very important for network situation awareness. While a few methods have been proposed to detect network intrusion, they cannot directly and effectively utilize semi‐quantitative information consisting of expert knowledge and quantitative data. Hence, this paper proposes a new detection model based on a directed acyclic graph (DAG) and a belief rule base (BRB). In the proposed model, called DAG‐BRB, the DAG is employed to construct a multi‐layered BRB model that can avoid the combinatorial explosion in the number of rules caused by the large number of intrusion types. To obtain the optimal parameters of the DAG‐BRB model, an improved constraint covariance matrix adaptation evolution strategy (CMA‐ES) is developed that can effectively solve the constraint problem in the BRB. A case study was used to test the efficiency of the proposed DAG‐BRB. The results showed that, compared with other detection models, the DAG‐BRB model has a higher detection rate and can be used in real networks.
Keywords