| The main goal of Intrusion Detection System (IDS) is to detect unauthorized use, misuse and abuse of computer systems by both system insiders and external intruders. The unique function of IDS makes it play an irreplaceable role in network security system. IDS has a lot of similarities with the biological immune system, and it make the immune system offer a natural research template for Intrusion Detection. Especially the immune system demonstrates good characteristics in information processing, such as distribution, variety, adaptability, memory ability, fault-tolerant ability, dynamic stability etc., and these characteristics are just what we expected to get in the IDS. When do not have any technology can solve network security problem completely, drawing lessons from the biological immune system had already caused the great attention of computer security researchers, they believe immune principle help to overcome problem present IDS faced. This paper aims at improving IDS especial for learning ability, self-adaptation etc., on the basis of studying biological immune system mechanism. The main work is as following:(1) Puts forward a features' presentation of the multi-level & multi-feature fuzzy with characteristic element, characteristic factor, characteristic base and intrusion pattern based on the antigen/antibody variety. This method has variety because a group of characteristic factors forms the various characteristic bases by different base combination and different combinations of a group of characteristic form different intrusion patterns. This method still is opening, because the new characteristic base may comes from a new making up of old characteristic factor. Then the detection spaces depend on characteristic factor can be made up, this figure is far greater than the existing characteristic base figure.(2) Designs a new type detector integrated detection and responds automatically. According to the antibody basic function and structure characteristic, the detection formed by a detection base, an attack identification and an emergency measure. The detection base is opening and variety as the same form with the intrusion characteristic base; The Attack identification is the category result after the discernment the characteristic base; The emergency measures especially including active responds, on one hand improve systematic defense capability, on the other hand offer essential time for the detection evolves.(3) Puts forward a co-stimulate intrusion detection with danger signal. It is effect to improve detection scope and deduce false negative rate and false positive rate when...
|
PDF Full Text Request