A Real-time Method Of Risk Evaluation Based On Artificial Immune System For Network Security

Risk evaluation for network security is the base of dynamic network security model. However, the methods of risk evaluation for network security are almost static, which can only make a rough estimate of the security risk that the network faced in the past, and cannot evaluate the security risk in real time when the network is suffering from the attacks. Therefore, when the system suffers from network intrusion, it cannot adjust its defense strategies in real time so that its losses are decreased to minimum. The research of real-time risk evaluation for network security is very important to the development of dynamic network security, and it is considered a hot spot in the research of network security. With the relationship between the antibody concentration and the degree of illness in the human immune system, a real-time method of risk evaluation for network security based on artificial immune system is proposed. This method can classify the attacks that the system is suffering, and calculate quantitatively and realtimely the whole security risk and the security risk of a certain kind of attacks faced by the whole network or a certain computer. The experiment shows that this method is a good solution for real-time risk evaluation for network security. Specifically, the contribution of the dissertation includes: analyzing the research of real-time risk evaluation for network security; establishing the mathematical models of the self tolerance of immature lymphocytes and the dynamic evaluation of mature lymphocytes and memory lymphocytes; introducing the concept of antibody concentration into the artificial immune system and establishing its mathematical model; proposing a method of dynamic self tolerance to slove the problem of the dynamic of self in a real-network environment; proposing a method of classifying the attacks automatically; proposing a model of calculating the network-security risk, which can calculate quantitatively and realtimely the whole security risk and the security risk of a certain kind of attacks faced by the whole network or a certain computer; making an experiment on this method and analyzing the experiment result.