The storage operation of normal process in host system is analyzed and an anomaly intrusion detection method based on D-S evidence theory for storage system is proposed. The detector fuses multiple signatures of storage data to decide whether the storage operation flow is normal. Furthermore, six groups of light-computation signatures of storage operation data are used to develop an efficient fusion mechanism to guarantee high performance of the algorithm. Experiment shows that high detection rate can be achieved by such fusion.
展开▼