The Research Of Network Intrusion Detection System Based On Immune Principal

With the rapid development of internet, its security issues become important increasingly. At present, the main techniques which solve network security include password authentication, encryption technology, security audit and firewall technology, which play certain roles in defending network against intrusion. However, network security is an integrated technology and can not simply rely on some defensive tools to meet all security requirements. So intrusion detection system (IDS) came into being in order to detect ultra users of systems and intruders who utilize security holes by monitoring the network's behaviors and the traffic condition of the system. Now, most commercial intrusion detection products which adopt simple pattern matching technology only can detect known attacking patterns. However, immune-based IDS can detect unknown attacking patterns using incomplete information. We deeply research on how to construct the immune-based IDS, the main work in this dissertation follows as:1. Firstly, the function, makeup, principal and classification of the IDS are introduced. The existing techniques and method of intrusion detection are analyzed, and the development in which the IDS will follow in the future is pointed out.2. Secondly, we deeply analyze the mechanism of how the immune system works such as gene reorganization, difference recognition, clone selection and immune memory. By comparing with the similarities between immune system and IDS, we demonstrated that it is a new method to solve the problems in IDS by introducing the immune principal.3. Thirdly, we do the research on the immune-based IDS initially brought forward by Kim and Bentley. Aiming at the problem that the IDS cannot detect re-intrusion very quickly, we constructed an immune model for NIDS and designed IDS by this model. The IDS is distributed, robust and auto-organization, which not only detects the anomaly behaviors, but also rapidly detects the known invasion.4. Finally we study the details of negative selection algorithm adopting ther-consecutive matching method, and find out the causes of the problem by theoretical analysis and simulation experiments. A new negative selection algorithm is provided in this paper. This algorithm improves the efficiency by eliminating the redundant detector, and at the same time ensures to cover the nonself space as much as possible.