Immunity-Based Multi-Agent Intrusion Detection System

With the fast development of Internet and the advent of network society, network will influence on politics, economy, military affairs, etc. Hence, network security is becoming the focus which was attended all over the world. Intrusion detection is an important facet of information security, making up for the limitation of traditional protecting techniques such as access control, firewall, and identity authentication.In this paper, we thoroughly analyzed the principle and the construction of traditional intrusion detection system. Basing on this, combining the principle of biology immunity and mobile agent, we put forward a new network intrusion detection system－the immunology-based muti-agent intrusion detection system.At first, the procreant background and the development process of intrusion detection system was introduced. We described the classification of intrusion detection system. The method of detection in current stage was introduced in brief, we analyzed all kinds of construction of intrusion detection system and the advantage and weakness of them. And we predicted the development trend of the intrusion detection in the future.Secondly, we described the structure of TCP / IP protocols .Because the denial of service attack is an intrusion behavior which is the most frequent, in this paper, we analyzed particularly the principle of several denial of service attack. We constructed a system based on immunology and mobile agent which has stronger adaptability. It was then described in detail that the construction of intrusion detection system. We analyzed the detection ability of every kind of detector, generation and the life cycle of the detector. This system can resist the denial of service attack nicely. The mistaken rate of the system is lower, and its correctness rate is higher. That detecting the anormaly intrusion behavior has the higher accuracy. At the same time, we introduced negative selection, the affinity mature and clonal selection. At last, with the artificial data, we verified the system detection ability to the denial of service attack and anomaly attack .Combining with the C++ Builder and Access database, we presented the experimental result.