
A Study Of Intrusion Detection System Based On Immune Mechanism

Posted on: 2004-08-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Yan
GTID: 1118360122960273
Subject: Signal and Information Processing

Abstract/Summary:
Intrusion detection systems play an important role in protecting the security of computers and data networks. Building on an in-depth study of current intrusion detection technology, this work presents an immune-based intrusion detection system. The system is made up of four parts: an immune-based host intrusion detection subsystem, an immune-based network intrusion detection subsystem, an immune-based network node intrusion detection subsystem, and a console. Natural immune systems have many features, such as multiple layers, distributability, diversity, uniqueness, dynamic defense, adaptability and associative memory. The immune-based intrusion detection system applies these features to improve detection performance and to increase the robustness and adaptability of the system.

The immune-based host intrusion detection subsystem uses a multi-agent structure, which includes a system call detection agent, an integrity detection agent, an availability detection agent and a confidentiality detection agent. Each agent monitors a different aspect of the system separately, and the agents cooperate with each other to help make an alarm decision. A system call anomaly detection method based on HMM is presented. Preliminary experiments demonstrate that the method expresses the difference between the patterns of normal actions and intrusion behavior more stably and more simply.

The immune-based network intrusion detection subsystem uses a multilayer structure, which includes a data collector component, a packet header parser and feature extraction component, an antibody generation and antigen detection component, a co-stimulation and report component, and a rule optimization component. New connection-based statistical features are defined. Passive immune antibodies and automatic immune antibodies are presented to detect old and new attacks. A new co-stimulation signal mechanism is built to reduce false positive alarms, and a rule optimization component based on clonal selection theory is set up so that the detection rules adapt to current intrusions.

The immune-based network node intrusion detection subsystem also uses a multilayer structure. The concepts of negative antibodies and positive antibodies are presented, together with their realization. Protocol analysis and multi-agent technology are used to detect attacks based on application-layer protocols and to defeat many intrusion detection evasion techniques.
Keywords/Search Tags: intrusion detection system, natural immune system, network security