Research On Key Technology Of Network Attack Detection Based On Artificial Immune Theory

Posted on: 2021-01-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Y Chen
Full Text: PDF
GTID: 1368330623982213
Subject: Computer Science and Technology
Abstract/Summary:
Over the past two decades, the explosive development of networks has brought many conveniences, but it has also caused various network security problems. In recent years, conflict on the network has become increasingly fierce, and network security events play an increasingly prominent role. Network security is facing new challenges. Hackers who steal data and destroy computers have brought trouble to users, caused losses to enterprises, and even posed a great threat to national security. The requirements for network security have been raised to an unprecedented level. A single network security strategy cannot cope with the detection of increasingly diversified, complex and dynamic attacks.

Through multi-disciplinary integration, researchers can open up new ideas for network attack detection. Drawing on the strengths of interdisciplinary approaches provides reliable and feasible methods, models and a theoretical basis for network attack detection, and improves the performance of network attack detection technology. Bionics is a biology-derived discipline that has been implemented and effectively applied in engineering. The Artificial Immune System (AIS), which is widely used in network attack detection, has made many achievements. Artificial immune technology and network security are very similar in their goals and principles: both need to ensure the stability and security of the organism in a changing environment, and to identify and eliminate foreign invaders quickly and accurately. The innate strength of immune theory in preventing foreign invasion has therefore achieved remarkable results when applied to network attack detection systems.

Although network security technology based on artificial immunity has won much praise, some problems remain to be solved: signature generation, detector construction in AIS and its mechanism, population optimization, and temporal logic modeling of attacks. Focusing on the research hotspots of artificial immune technology in network attack detection, this dissertation applies the biological immune system to the network attack detection area. It studies the basic principle, working mechanism, immune algorithms, population optimization methods and other key technologies of artificial immunity theory. Taking into account current problems, detection technology and modeling methods in the field of network attack detection, existing technologies are improved, and new methods and system models are proposed. Problems such as high redundancy of signature samples, inflexible detector mechanisms, weak attack detection ability, slow optimization of the detector group, inaccurate descriptions of attacks and a small scope of attack detection are solved. The main work and achievements of this dissertation are as follows:

1. A hybrid signature generation method based on F-Score and the Particle Swarm Optimization (PSO) algorithm is proposed. First, the F-Score value of each signature is obtained using the Fisher criterion, and this value serves as the evaluation criterion for attributes when extracting subsets. This removes noisy and irrelevant signatures and reduces the signature dimension at the same time. Then the PSO algorithm is used to optimize the subsets. By changing the velocities and positions of particles in the search space, the optimal solution is obtained, and redundant signatures in the cross signature subsets are removed. In the hybrid signature generation method, F-Score is applied to AIS for the first time. The generated signatures have less redundancy and can provide high-precision, low-redundancy signature samples for an AIS-based network attack detection system.

2. A Novel network Attack Detection model based on Immunology (NADI) is proposed, together with a new kind of detector. NADI uses the hybrid signature generation method (SGM) to extract high-precision, low-redundancy sample signatures, and uses multi-level detector components, which are proposed here for the first time. The multi-level detector components consist of random detectors, neural network detectors and temporal logic detectors. These three types of detectors run in parallel to detect different types of malicious behavior and form a detection area without blind spots. The temporal logic detector is an innovative detector that introduces temporal logic into AIS for the first time. The multi-stage detector mechanism achieves faster and more accurate detection with a lower false alarm rate. Problems such as the small variety of detectors, the inflexible working mechanism of detectors, weak detection ability and inaccurate description of attacks are solved. The experimental results show that the NADI model has a high detection rate and a low false alarm rate.

3. A population optimization algorithm based on DNA vaccine is proposed. This method applies the vaccine mechanism to the artificial immune network attack detection system to improve the quality of detector-group optimization. A network-attack-detection-oriented DNA Vaccine-Dynamic Clonal Selection Algorithm (DVD-CSA) and the model of a DNA Vaccine-Dynamic Artificial Immune System (DVD-AIS) are proposed. By means of vaccine injection, the detector population can be optimized and the individual's anti-attack ability can be improved. The proportion of excellent detectors can be increased, and the detectors can respond quickly in the secondary immune response. The working mechanism can dynamically update the detector population and effectively solves the degradation phenomenon in the process of population optimization, including problems such as population homogenization and weak affinity. This method can effectively detect network attacks, accelerate the convergence of the detector population, and prevent the overmaturity of detectors.

4. Network attack modeling methods based on propositional linear temporal logic, propositional interval temporal logic and extended propositional interval temporal logic are presented in turn. They use the characteristics of, and differences among, these logics to construct logical formulas for various attacks. This part improves the descriptive ability and expands the descriptive scope of attack modeling.
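To illustrate the F-Score filtering step in contribution 1, the following added example (not code from the dissertation) ranks traffic features by a Fisher-criterion F-Score and drops the noisy ones. The formula is the commonly used two-class F-Score, assumed here because the abstract does not give the dissertation's exact definition; the feature names, sample records and threshold are constructed, and the PSO stage is not shown.

```python
from statistics import mean

# Constructed sample records: (duration_s, bytes_sent, failed_logins, noise), label
# label 1 = attack, 0 = normal. Feature names are hypothetical.
FEATURES = ["duration_s", "bytes_sent", "failed_logins", "noise"]
SAMPLES = [
    ((1.0, 300.0, 0.0, 5.0), 0), ((2.0, 320.0, 1.0, 3.0), 0),
    ((1.5, 310.0, 0.0, 4.0), 0), ((2.5, 290.0, 1.0, 6.0), 0),
    ((1.2, 900.0, 8.0, 4.0), 1), ((2.2, 950.0, 9.0, 5.0), 1),
    ((1.8, 870.0, 7.0, 3.0), 1), ((2.4, 920.0, 10.0, 6.0), 1),
]

def f_score(pos, neg):
    """Between-class separation over within-class variance for one feature."""
    if len(pos) < 2 or len(neg) < 2:
        raise ValueError("need at least two samples per class")
    overall, mp, mn = mean(pos + neg), mean(pos), mean(neg)
    between = (mp - overall) ** 2 + (mn - overall) ** 2
    within = (sum((x - mp) ** 2 for x in pos) / (len(pos) - 1)
              + sum((x - mn) ** 2 for x in neg) / (len(neg) - 1))
    if within == 0:  # feature is constant inside both classes
        return float("inf") if between > 0 else 0.0
    return between / within

def rank_features(samples, names):
    """Return [(name, score)] sorted from most to least discriminative."""
    scores = []
    for i, name in enumerate(names):
        pos = [row[i] for row, label in samples if label == 1]
        neg = [row[i] for row, label in samples if label == 0]
        scores.append((name, f_score(pos, neg)))
    return sorted(scores, key=lambda item: item[1], reverse=True)

def select_features(samples, names, threshold):
    """Keep features whose F-Score meets the threshold; drop noisy ones."""
    return [n for n, s in rank_features(samples, names) if s >= threshold]

if __name__ == "__main__":
    for name, score in rank_features(SAMPLES, FEATURES):
        print(f"{name:14s} {score:8.3f}")
    print(select_features(SAMPLES, FEATURES, threshold=1.0))
```

In the constructed data, `noise` has identical class means and scores zero, while `duration_s` overlaps heavily between classes and scores far below the threshold, so both are filtered out before any subset optimization would run.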
Keywords/Search Tags:Artificial Immune Theory, Network Attack Detection, Population Optimization, Temporal Logic, Network Attack Modeling