| The development of internet changes the mode of single-machine computer. But the risk and opportunity of intrusion grow up. Therefore, network security becomes an important and imperious problem. Network security is a broad technique field which mainly includes intrusion detection technique, virus defends technology and fire wall technology. Intrusion detection technique is divided into misuse detection and anomaly detection. Anomaly detection is still on the research and development phases which are ones of the focuses of intrusion detection.The paper puts forward a model of IDS in which we train the normal rule set using machine learning based on clonal agent self-learning algorithm. Compared to the model of IDS based on Genetic Algorithm, it can raise the CDR (correct detection rate) and drops the FPR (false positive rate) better. It is compared to GA as follow:1, Owe to the great search randomness in GA, the speed of convergence is slow and it can induce to "premature". So the IDS based on GA can just get lower CDR and higher FPR.2, In addition, as the length of code becomes great in GA, the search scope is broaden. So GA is not adapted for the rule search in the condition of great code length. IDS based on GA is not fit to be applied to KDDCUP2000 whose rules are complicated.3, Clonal agent self-learning algorithm (CASA) is a new algorithm that combines clonal selection algorithm with agent self-learning algorithm. It solves the two existingproblems in GA above. The two operators-clone agent lattice operator and agentself-learning operator work out the better antibodies ties in evolution. It avoids the "premature" and slow convergence in GA. At the same time, the agents in agent self-learning operator have the sentience to environment. It solves the problem 2 in GA and it can be fit to train the complicated rule.
|
PDF Full Text Request