Research Of Intrusion Detection Based On Immunogenetic Algorithm

The research purpose of Artificial Immune System is to extract special information processing mechanisms contained in biological immune system, and then to study and design the corresponding models and algorithms that could be used to solve many kinds of complex problems. Artificial Immune System is a novel intelligent Computing research field following the invention of Artificial Neural Network and Evolutionary Computation, and it is an emergent interdisciplinary research field generated by life science and computer science and has become a hot point.The basic function of biological immune system is to recognize self and non-self, and then to classify and eliminate non-self. Biological immune system has the characteristics of immune recognition, immune memory, immune regulation, immune tolerance, immune surveillance etc. It is a complex system of self-adaptive, self-learning, self-organization, parallel processing and distributed coordination. By deeply researching into various information processing mechanisms contained in biological immune system, many effective models of intrusion detection and algorithms can be established and designed, and it is of great significance to the establishment of new theory and new method of intrusion detection based on biological immune system, also to the change of the current situation of network security.The purpose of this dissertation is to explore and research into the learning and detecting mechanisms contained in biological immune system, and then to design efficient models and algorithms for intrusion detection system, to establish intrusion detection system based on biological immune system. The detecting models and algorithms based on biological immune mechanisms are designed with consideration of the function and characteristics of biological immune system, at the same time using the theoretical research results of immunology for references. The designs model and analyze the self-protection function from different levels, emphasizing designing models and algorithms from different aspects of biological immune mechanisms. The main research work of thisdissertation can be summarized as follows:By means of the manifestation of gene in biological immune system, this dissertation chooses a real-valued vector to represent the self/non-self space, overcomes the limitations of binary representation used currently. This will be beneficial for the definition of different detector representation, the combination of manifold algorithms based on biological immune system and the distribution of detectors in the non-self space, and will maximize the coverage of the non-self space and minimize the coverage of self-overlap.With the aid of antibody growing and maturation mechanisms of biological immune system, the detectors self-adaptively generating problem are provided and solved. Aiming at the defects of measurability of currently-used immune algorithms, the detectors' adaptively generating algorithms such as Negative Selection Algorithm with Detection Rules and Negative Selection Algorithm with Fuzzy Detection Rules are presented respectively. The evolution of detect rules is achieved by using genetic algorithm and evolution of detectors by a hyper rectangular shape that can cover the non-self space. Fuzzy rules are used instead of crisp rules to determine whether a new sample is normal or abnormal, and to produce measurement of deviation from the normal. Experiment shows that the two algorithms can detect the abnormality in network transmission data and comprehensive time sequence data.Aiming at the detector distribution problem, Real-valued Negative Selection Algorithm and Randomized Real-valued Negative Selection Algorithm are put forward by extracting the information processing mechanisms contained in immune regulation of biological immune system. This algorithm takes as input a set of hyper-spherical antibodies (detectors) randomly distributed in the self/non-self space and changes iteratively the position of the detectors to maximize the coverage of the non-self space and to minimize the coverage of the self samples overlap, at the same time produces a better estimate of the optimal number of detectors needed to cover the non-self space. The maximization of the non-self coverage is done through an optimization algorithm proved to be of convergence properties (Monte Carlo integration and simulated annealing).By extracting the rich information processing mechanisms of biological immune system, this dissertation proposes detectors adaptively generating algorithms; detectors distributing strategy and the learning algorithms based on biological immune regulation mechanisms. An Intrusion Detection System based on Hierarchical Collaborative Distributed (HCDIDS) is designed and accomplished. HCDIDS is proved efficient by experiments. It increases the detection rate and reduced the false alarm rate. HCDIDS integrates the merits of hierarchical IDS and collaborative IDS, adopts efficient self/non-self recognizing technology and immune genetic algorithm and detects correctly the distributed attacks via information fusion technology. The work is not only of great importance to the research of the novel intrusion detection mechanism, but also of great significance to the development of the related interdisciplinary courses.