METHOD OF MULTI-FEATURE FUSION BASED ON SVM AND D-S EVIDENCE THEORY IN TROJAN DETECTION

Shengli Liu, Xiang Gao, Pan Xu, Long Liu

State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450002, China

To address the low accuracy and low stability of single-feature methods for Trojan detection, a multi-feature fusion method based on SVM and D-S evidence theory is proposed. First, three types of flow features are extracted from the data stream: session, upload data of session/download data of session, and distribution of data packet size. Then the SVM classification result for each single feature is used as evidence to construct the basic probability assignment (BPA). Finally, the D-S rule of combination is used to perform decision fusion, and the final detection result is given from the fusion result. The experimental results showed that the accuracy of the multi-feature fusion method was 97.48%, and that it performs well on accuracy and stability compared with the single-feature method in Trojan detection.
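The decision-fusion step described above, as an added example that is not the authors' code: Dempster's rule of combination applied to three per-feature BPAs over the frame {trojan, normal}. The abstract does not say how each BPA is built from the SVM output, so `bpa_from_svm` (scaling the SVM probability by a classifier reliability and assigning the rest to the whole frame) and all sample values are assumptions.

```python
from itertools import product

# Frame of discernment for a flow: Trojan, normal, or undecided (the whole frame).
T, N = frozenset({"trojan"}), frozenset({"normal"})
THETA = T | N

def bpa_from_svm(p_trojan, reliability):
    """Assumed BPA construction: scale the SVM's Trojan probability by the
    classifier's reliability and assign the remainder to THETA (uncertainty)."""
    return {T: reliability * p_trojan,
            N: reliability * (1.0 - p_trojan),
            THETA: 1.0 - reliability}

def combine(m1, m2):
    """Dempster's rule for two BPAs; returns (fused BPA, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + x * y
        else:
            conflict += x * y          # mass falling on the empty set
    if conflict >= 1.0 - 1e-12:
        raise ValueError("evidence is totally conflicting; rule undefined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict

def fuse(bpas):
    """Fold Dempster's rule over all per-feature BPAs."""
    result = bpas[0]
    for m in bpas[1:]:
        result, _ = combine(result, m)
    return result

def decide(m):
    """Pick the singleton hypothesis with the larger fused mass."""
    return "trojan" if m.get(T, 0.0) > m.get(N, 0.0) else "normal"

# Constructed sample values (not from the paper): (SVM P(trojan), reliability)
SAMPLE = [bpa_from_svm(0.8, 0.9),   # session feature
          bpa_from_svm(0.4, 0.7),   # upload/download data feature
          bpa_from_svm(0.9, 0.8)]   # packet-size distribution feature

if __name__ == "__main__":
    fused = fuse(SAMPLE)
    print({"/".join(sorted(k)): round(v, 4) for k, v in fused.items()}, decide(fused))
```

In the constructed sample, the second feature on its own leans towards "normal", yet the fused mass on "trojan" ends up higher than any single classifier's, while the mass left on the whole frame shrinks.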