A CBR engine adapting to IDS

  • Authors:
  • Lingjuan Li;Wenyu Tang;Ruchuan Wang

  • Affiliations:
  • Dept. of Computer Science and Technology, Nanjing University of Posts and Telecomm., Nanjing, China;Dept. of Computer Science and Technology, Nanjing University of Posts and Telecomm., Nanjing, China;Dept. of Computer Science and Technology, Nanjing University of Posts and Telecomm., Nanjing, China

  • Venue:
  • CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
  • Year:
  • 2005

Abstract

Case-based reasoning (CBR) is one of the most important artificial intelligence methods. In this paper, it is introduced to detect variations of known attacks and to reduce the false negative rate in rule-based intrusion detection systems (IDS). After briefly describing the basic process of CBR and the methods of describing cases and constructing a case base from IDS rules, this paper focuses on the CBR engine. A new CBR engine adapted to IDS is designed because common CBR engines cannot deal with the special characteristics of intrusion cases in IDS. The structure of the new engine is described by a class graph, and its core class and the similarity algorithm it adopts are analyzed. Finally, the results of testing the new engine on Snort are shown, and the validity of the engine is substantiated.