| In recent years, immune-based intrusion detection has become a key research area in intrusion detection system, exploring natural immunological theories, mechanisms and principles for detecting and reacting to intrusions. An Intrusion Detection System has a natural similarity with immune system. Immune systems can be viewed generally as the problem of learning to distinguish self from non-self. An Intrusion Detection System (IDS) should protect the computers or networks from unauthorized intruders and malice codes, which is analogous to the immune systems protecting the body (self) from invasion by inimical microbes (nonself). The paper introduced intrusion detection technology at first, after studying the mechanism of the biologic immune system and referring to the results of computer immune system at home and abroad, the computer immune system model, GECISM(General Computer Immune System Model) which is based on system call is put forward. In this model, some traits of the biologic immune system are utilized to distinguish non-self from self, eliminate nonself. The nonself set which is correctly constructed is critically important in computer immune system GECISM. On analyzing the character code scan technology, we listed its advantages and disadvantages .Give a kind of method that establish nonself set with Character code scan technology, compare and analyze the experimentation result. On the same time give the treatment method and class and trait of active response for uncertain process in sandbox.
|
PDF Full Text Request