Adaptive Immune Intrusion Detection Set Optimization Based On Dynamic Clone Selection

Intrusion detection system as a dynamic security technology has become an important component of network security and make up the lack of traditional static firewall technology. Security systems have ability to track the intruder, ensure synchronization of system security and speed increased. Biological immune system and intrusion detection systems have many similarities, such as distributed protection, diversity, adaptability, robustness, memory capacity, robustness and other good characteristics. These properties of Immune theory have positive role to intrusion detection systems, provides a new research direction for solving the current difficulties of intrusion detection technology that faced. After nearly 20 years of development, immune intrusion detection technology has received considerable progress and the intrusion detection capability that shown by is quite good. The development of its are of great significance for computer networks and network security technology research.Detection performance of Immune Intrusion Detection System mainly decisions by non-self space coverage of the detection and a good self set and detector set can increase the detection rate and accuracy effective. The generation existing detector algorithms are negative selection algorithm and clonally selection algorithm. But the detector generate by the two algorithms appears issues that detector spatial overlap as the immune system operate which affect the detection accuracy of the system. Generated detector in the detector set storage disorder. In seized data process, the normal testing will inevitably traverse the detector sets, which occupy most of the time of the system detection, and affect the detection efficiency of the detection system.For solving the problem of detector spatial overlap in the dynamic, based on the multi-generation study and immature detectors, sophisticated detectors, memory detectors evolutionary mechanism and elimination mechanism of evolution clonally selection algorithm, we add high and low frequency variation to the overlap detectors which in mature detector set, variation detectors though self tolerance become qualified detector; Also, if a memory detectors match with self, after co-stimulation to make it death, mutated into the Immature detectors, though immune tolerance into the mature detector set. These two kinds of variation detectors enter the detector set have enhanced the capacity of immune system to detect unknown intrusion and the invasion of known.For the issue of the detector disorder storage that affect the detect efficiency of the immune system, we proposed a two optimization classification algorithm that base on some characteristics of detectors in this paper. Optimization of the first layer, select a feature attribute as a category attribute and made a classification. Accordance with the classification divided the detector into a numbers subset of the detector. When test data especially normal data into the testing process to be seized will found corresponding subset under the attributes classification, then the date match with the detector in the subset, effectively avoid a large number of unnecessary traversal matching operation; Second layer optimization, according to detects abnormal sort of the detectors magnitude the subset to make the high active detectors priority testing.Based on characteristics that similar data time of concentration transmission of the Network data set pointer to the subset of the detector. This pointer points to the detector which had detected abnormal data recent. Next time when the data to be detected enter the subset will begin from a number of positions before the pointer point to, so that effectively reduce the number that similar data match with the detectors in the sunset.Though these two methods, the issues rose has been resolved rather better. In final, proofing of correspond theory and simulation experiments show the effectiveness of the algorithm.