Abstract
Case-based reasoning (CBR) is one of the most important artificial intelligence methods. In this paper, it is introduced to detect variations of known attacks and to reduce the false negative rate in rule-based IDS. After briefly describing the basic process of CBR and the methods of describing cases and constructing the case base from IDS rules, this paper focuses on the CBR engine. A new CBR engine adapted to IDS is designed because common CBR engines cannot deal with the special characteristics of intrusion cases in IDS. The structure of the new engine is described by a class graph, and the core class, as well as the similarity algorithm it adopts, is analyzed. Finally, the results of testing the new engine on Snort are shown, and the validity of the engine is substantiated.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, L., Tang, W., Wang, R. (2005). A CBR Engine Adapting to IDS. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_50
DOI: https://doi.org/10.1007/11596981_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer Science, Computer Science (R0)