Cooperative intrusion detection model based on scenario

When a new intrusion means is developed, many intrusion methods can be derived by exchanging the command sequences or by replacing commands with the functionally similar commands, which makes the detection of the developed intrusion very difficult. To overcome this problem, a cooperative intrusion detection model based on scenario is proposed, which is consisted of 5 layers. Topological order, isomorphic transformation and state transition analysis method are applied in the text. For an intrusion case we generate all the possible derived intrusions as an intrusion base. Based on this intrusion base, we present an efficient method to detect such intrusions by using finite automaton. Further, we apply data fusion to analysis suspicious data. A derived intrusion can he seen as an unknown intrusion, in this sense the technique presented in this paper can detect some unknown intrusions.