Research On Intrusion Detection Model Based On Rough Set And Artificial Immunity

Posted on: 2015-11-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Zhang
GTID: 1228330467463667
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous development of information technology, human society is undergoing many major changes. The network has become an important link for human contact, shortening the distance between people and becoming an indispensable part of human life. While bringing convenience to human life, network technology also raises many security challenges. Continuously emerging network security problems have seriously affected normal life and social order, and cause a great deal of harm to individuals, enterprises, the country and society. Network security has become an important problem to be solved in today's society.

Unlike static protection methods such as firewalls and VPNs, intrusion detection (ID) is an important means of network security with significant research value, for the following reasons. First, an intrusion detection system provides dynamic protection, and intrusion detection technology combines several other technologies, such as bionic computation, artificial intelligence, data mining and machine learning, so many areas of intrusion detection need further study. Second, with the rapid development of cloud computing, which has many new features, fuzzy boundaries mean that static perimeter protection methods are no longer applicable, so intrusion detection will become an important means of ensuring the security of cloud computing. Third, intrusion detection has a wide range of application scenarios: it can be applied to the Internet, military networks, wireless networks, cloud computing and the Internet of Things, providing protection suited to each environment, and it can be combined with methods such as distributed computing and deep learning. The research of intrusion detection therefore has both theoretical and application value.

Many experts devote themselves to research on intrusion detection models, evaluation standards, the security of the detection system itself, detection speed, detection rate, false positive rate, false negative rate, adaptability, distribution, methodological analysis and feasibility. The main contributions of this paper are as follows:

(1) The main lines of current intrusion detection research are discussed and their advantages and disadvantages are compared. Rough set (RS) theory is introduced into ID. Its advantages are that it uses equivalence classes to reduce batches of data, identifies data with similar properties, deletes redundant conditional attributes, and finally yields the decision rules used to judge whether a behavior is normal or not. In particular, when prior knowledge is absent, fuzzy or uncertain data can be analysed and processed while preserving classification capability. Because of the high complexity of rough set algorithms, we designed a parallel classifier based on rough set. In the parallel classifier, the C-Means clustering method is used to pre-process the decision table as a pre-classification step; the table is divided into sub-class blocks, each block is reduced, and decision rules are obtained. The simulation results show that the parallel classifier based on rough set can remove redundant attributes and improve the speed of intrusion detection. Pre-processing with the C-Means clustering method yields effective decision rules and improves the detection rate.

(2) The distribution, adaptability, dynamic balance and self-organization of intrusion detection are studied. A dynamic immune-based intrusion detection model using vaccination (DIIDV), a vaccination strategy based on the significance degree of genes, and a method to generate initial memory antibodies with RS are proposed. DIIDV integrates two intrusion detection modes, misuse detection and anomaly detection, which are applied to detect known and unknown attacks, respectively. On the basis of the DIIDV model, an intrusion detection algorithm is presented. Simulation shows that DIIDV performs better than traditional intrusion detection methods in feasibility and effectiveness. The vaccination strategy readily achieves a higher convergence rate. Moreover, RS removes redundant attributes and increases the detection speed, and the integrated method increases the detection rate.

(3) To address the problems of intrusion detection based on artificial immunity, an integrated intrusion detection model based on rough set and artificial immunity (RSAI-IID) is proposed, which uses RS and integrates misuse detection and anomaly detection. First, the RS method is used to obtain the vaccine injected into the model, to obtain a better vaccine and to optimize detection performance. Second, a self-adjusting parameter strategy is adopted, because an artificial immune system has too many parameters whose values are difficult to set. Last, a variety of integration methods are introduced to improve the detection rate: misuse detection is used to detect known intrusions, and anomaly detection is used to detect novel intrusions. The self and non-self model and immune danger theory are used to improve the convergence rate of intrusion detection and to achieve higher adaptability. The RSAI-IID model was validated on the KDD99 dataset. The experimental results show its feasibility and effectiveness.
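
The rough set steps named in contribution (1), equivalence classes, removal of redundant conditional attributes and extraction of decision rules, can be sketched as follows. This is an added example, not code from the dissertation: the decision table is constructed with KDD99-style field values, all function names are illustrative, and the greedy backward elimination is a simple stand-in for the thesis's parallel classifier.

```python
from collections import defaultdict

# Constructed decision table (not from the thesis): discretised connection
# features as condition attributes, last column as the decision attribute.
ATTRS = ["protocol", "service", "flag", "bytes"]
TABLE = [
    ("tcp",  "http",  "SF", "low",  "normal"),
    ("tcp",  "http",  "SF", "high", "normal"),
    ("tcp",  "http",  "S0", "low",  "attack"),
    ("tcp",  "ftp",   "S0", "low",  "attack"),
    ("udp",  "dns",   "SF", "low",  "normal"),
    ("icmp", "ecr_i", "SF", "high", "attack"),
    ("icmp", "eco_i", "SF", "low",  "normal"),
    ("tcp",  "ftp",   "SF", "high", "normal"),
]

def classes(table, attrs):
    """Equivalence classes of the indiscernibility relation over attrs."""
    idx = [ATTRS.index(a) for a in attrs]
    groups = defaultdict(list)
    for row in table:
        groups[tuple(row[i] for i in idx)].append(row)
    return groups

def dependency(table, attrs):
    """gamma(attrs, decision): share of rows in the positive region."""
    pos = sum(len(rows) for rows in classes(table, attrs).values()
              if len({r[-1] for r in rows}) == 1)
    return pos / len(table)

def reduct(table, attrs):
    """Drop each attribute whose removal leaves gamma unchanged.
    Greedy and order-dependent: yields a reduct, not always the smallest."""
    full, kept = dependency(table, attrs), list(attrs)
    for a in attrs:
        trial = [x for x in kept if x != a]
        if trial and dependency(table, trial) == full:
            kept = trial
    return kept

def rules(table, attrs):
    """One decision rule per consistent equivalence class."""
    out = {}
    for key, rows in classes(table, attrs).items():
        labels = {r[-1] for r in rows}
        if len(labels) == 1:
            out[key] = labels.pop()
    return out
```

On this table `reduct(TABLE, ATTRS)` keeps only `service` and `flag`, and `rules` over those two attributes still classifies every row consistently.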
Keywords/Search Tags: intrusion detection, rough set, artificial immune, DIIDV model, RSAI-IID model