Research Of Network Intrusion Detection System Based On Immune Principles

In recent years, immune-based intrusion detection technology has become a key research area in intrusion detection system, and its prominent character is that exploring natural immune logical theories, mechanisms and principles for detecting and reacting to intrusions. At present, the majority of commercialized intrusion detection products just adopt the simple template match technique, which can be only adapted for some simpler attack modes with a high misrepresentation rate and just can detect known attack modes. Whereas immune-based intrusion detection system has many better features, such as its variety, self-adaptability, auto-reply and self-restoration. Furthermore, the kind of system can detect abnormality according to immature information. What's more important is that it can detect unknown attack modes, which other systems can't achieve. So the thesis mainly carries on research on the computer immune theories applied in intrusion detection system.The thesis firstly presented some basic knowledge on intrusion detection and immunology, and then independently designed a network intrusion detection system model witch is based on immune theories, namely IIDS. IIDS is an abnormal network intrusion detection system that runs on the LAN with distributed system configuration. The thesis researched the algorithm of creating initialization detector set applying in the process of negative selection for the IIDS mode, which is the key one in the system mode. By the analyses on existing detector creation algorithms, inspired by evolution computing, improved the linear detector creation algorithm, which mostly used at present. The algorithm improved the efficiency of the linear algorithm by eliminated the reluctant detector, and at the same time ensured to cover the nonself space as much as possible. Besides, the thesis proposed a kind of new algorithm on detection holes under the rules of r-contiguous bits match.In this thesis, so many testing experiments were done by means of standard "self and "nonself' data set. The results showed that IIDS can properly detect network intrusion actions and implement the detection to unknown attack modes for the due aim. In the thesis, the initialization detector set scale and the failure probability of detector creation algorithm has been tested and the test results indicate that the improved algorithm enhanced the maturity and the reliability contrasting with the former algorithm.