Shortcomings of current intrusion detection systems, most notably high false alarm rates and insufficient attack detection accuracy, call for a structured, sophisticated approach. We identify multi-sensor data fusion as such an approach and present a multilevel intrusion detection system architecture. At each level, logically independent functional units combine the data or information from various sources using the technique of data fusion. In this way, each unit contributes to the overall quality of the intrusion detection system. We present the set of functional tasks to be performed and their hierarchical relationships, and sketch the way the units should work together. The corresponding multilevel 'blackboard' architecture can be used as a starting point for implementing next-generation, high-quality intrusion detection systems.