
The Research And Implementation Of Immunology-Based Intrusion Detection System

Posted on: 2004-03-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: K Zhang
Full Text: PDF
GTID: 1118360125953595
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer and network technologies, the computer system has developed into a complicated, interconnected open system, which makes the problems of intrusion detection more serious. An intrusion detection system (IDS) is a system that continuously monitors certain dynamic behavioral characteristics of a network or computer system to determine whether an intrusion has occurred. Current methods of intrusion detection can be divided into two categories, depending on whether they look for known intrusion signatures (misuse intrusion detection) or for anomalous behavior (anomaly intrusion detection). However, the main disadvantage of misuse detection is that it cannot detect new kinds of intrusion, and the main disadvantage of anomaly detection is that it is difficult to build the normal behavioral characteristics and to design the detection algorithm. How to protect computers and networks from a variety of attacks in progress has therefore become an important problem to be solved.

According to the immunology principles of bionics, a new type of intrusion detection system, the Immunology-based Intrusion Detection System, is presented. In this paper, short sequences of system calls and their parameters executed by privileged procedures are viewed as analogous to peptides. The intrusion detection system based on the immunology model simulates some characteristics of the immune system, such as diversity, distributability, primary immune response, and secondary immune response. Through information sharing and interaction between the immune computer and the console, the system can identify anomalous behavior in real time. Firstly, the thesis introduces the architecture of this system. Secondly, the key technologies and the function and implementation of the primary models are presented. Finally, the realized system demonstrates its feasibility and achieves effective real-time intrusion detection.

The experimental results show that the proposed detection method based on RHD is more powerful and more efficient than the classical one. The innovations of this paper are: (1) a new method for anomaly intrusion detection, named RHDID, is brought forward. This method (RHDID) can effectively reduce false positives and false negatives and can be applied to real-time intrusion detection; (2) the databases of this system are specialized and complete. Based on the different types of procedures being monitored, the system builds up different databases, such as a normal behavior database, an abnormal behavior database and a real event database. This improves the robustness and flexibility of the system; (3) according to the principle of positive selection in immunology, the system builds up its abnormal database. The behavior models with higher frequency are analyzed and processed first. This improves the speed and effectiveness of intrusion detection; (4) both anomaly intrusion detection and misuse intrusion detection techniques have been implemented in this system, which offsets the shortcomings of each single technique.
Keywords/Search Tags: immunological techniques, immunology, system call, Hamming distance, intrusion detection, information security