A Model for Intrusion Detection Based on Undefined Distance
In this paper, the authors introduce intrusion detection systems (IDS) and uncertainty theory, and point out two important prerequisites on which the normal operation of an IDS depends. In view of these prerequisites, the paper proposes a solution based on uncertain distance and an active defense technology against host intrusion. The solution can efficiently distinguish normal events from unknown events, and can detect unknown events. The proposed active defense technology against host intrusion is based on uncertain distance: the system can not only recognize normal events but also detect unknown events. It can judge whether an event is harmful, and can automatically store the eigenvector of a suspicious event in the "Normal event set" or the "Intrusion event set".