| Increasing exposed security problems of network forces people to look for new solutions for safety issue. Intrusion detecting technology has become a new hotspot as a reinforcement of Firewall. But the traditional intrusion detecting technology faces many insufficiencies, such as : lack of adaptabilities,inefficient in detecting unknown intrusions etc. We try to find a new blue print to these questions in this paper by applying immunity principle to IDS, which takes full advantage of those characteristics of immunity system , such as self-adaptability,robustness,learning and cognizing etc.This paper proposes a new model based on"self-nonself"theory, which obviates the"nonself"to protect"self". We introduce the"danger theory"partly into this detection model in this paper, we can confirm one intrusion only by receiving a cooperating stimulation (dangerous signal) from the administrator when the mature detector matching an intrusion. The immunological tolerance is simulated by a improved negative selection arithmetic after the detectors being generated , and the process of detecting is accomplished by dynamic cloning selection arithmetic: we make the detector which detected a intrusion successfully with a cooperating stimulation become a memory detector , which will bring a quicker secondary response (with out cooperating stimulation ).The system would be running on detecting mode or learning mode, you can choose the running mode yourself, but the period running on learning mode wouldn't less than the value supposed in advance, otherwise, the system will be running on learning mode itself .The system can running on learning mode anytime, so the"self"can be update in time, which ensure the dynamic idiosyncrasy of this model.Simultaneously, the memory detectors are aging; the least using lately memory detector will be replaced by new memory detectors, which guarantee a self-adaptability for this system model. |
PDF Full Text Request