Research On Detector Optimization And Multi-shape Detection In Immunity-based Intrusion Detection System

The importance of computer network security is undisputed. With the adventof the third generation of network technology represented by the Internet ofthings, computer network security ushered in a new wave of research. As animportant technology of computer network security, the intrusion detectionresearch also advances with the times, adding a number of new research contents.In recent years, the artificial immune theory, based on biological immune system,has been attracting great attention of domestic and foreign experts, in whichimmunity-based intrusion detection research has been the focus of researchers. Inparticular, the research of detector, the most important part to determine thedetection performance, is more favored by the researchers. This paper mainlydiscusses the improvement of detector optimization and detection method, takingthe detector as the research object, the existing problems of the detector as abreakthrough, the biological immune mechanism and other related theories andmethods as a mean.The detector’s dimension has a significant relationship with the detectionperformance, especially in the real-valued shape space. For the hole, theoverlapping and other problems in high-dimensional detector, the research drawson the thought of linear matrix transformations and principal component analysis,transforms high-dimensional real-valued shape space into low-dimensionalprincipal component shape space under the premise to ensure an adequateamount of information, and then, designs affinity function and matching rules inthe principal component shape space. This research also applies affinitycalculation to do the principal-components detector distribution optimizationprocess to solve the above problems. The experiments verify that the detectors after deformation in the principal component shape space can ensure bettercoverage of nonself space and enhance the detection performance with little lossof the original amount of information.The optimization of detector distribution has always been a hot issue amongthe domestic and foreign researchers. For the existing problems, particularly thedetectors’ multi areas and intrusions in the self/nonself boundary, a detectordistribution optimization algorithm is proposed which is based on co-evolutionand the Monte Carlo method: first, using the thought of the V-detector algorithmto adjust the detector’s detection radius in order to solve the intrusion problem inthe self/nonself boundary; then applying the co-evolution thought to divide thedetectors into different subsets and to do the optimization with the interactionbetween the subsets; and finally employing the Monte Carlo method to estimatethe current optimization effect to determine whether the anticipated results hasbeen achieved. Experiments validate that the optimized detectors make bettercoverage of nonself space and deal with the problems of holes and overlappingwell.DNA technology, as an important technology in the bioengineering field, hasplayed an important role in many fields. Multiple attributes of the detector can beregarded as different combinations of DNA. Via this thought, the thesis proposesa detector update and generation model based on DNA vaccines, which is toconstruct the DNA pool by extracting different effective genes. Through the DNApool, the candidates are constructed by the vaccine synthesis. Thereby, more andmore mature and effective detectors will be created. Experiments verify thatmodel can update the detectors in real time, optimize the detector’s coverage innonself space, and stabilize the detection performances.Anywhere, in the binary or real-valued space, the content incompleteness ina detector makes the detection effects unsatisfactory. To solve this problem, amulti-shape detection model with the immune network and immune dangertheory is proposed: the detection module of the system is divided into binarymodule and real-valued module, which complete collaborative detection bysignal mechanism. The experiments validate that the model adapts to the morecomplex events to be detected, and the detection effects can maintain a relativelystable level in different environments. This paper studies primarily the optimization and the detection of thedetector in the immunity-based intrusion detection system, and proposescorresponding solutions for the existing problems. The above research contentsnot only provide some new methods to immunity-based intrusion detection, butalso broaden the scope of the study on artificial immune theory and itsapplications.