
Study On Intrusion Detection Algorithm Based On Danger Theory

Posted on: 2011-08-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2178330332958590
Subject: Control theory and control engineering
Abstract/Summary:
Network security now attracts close attention and has gradually become a research focus for the relevant scientific institutions. Traditional network security technology is based on the principle of protection, with the firewall as the main safeguard. However, as networks have grown large and intrusions have become complex, passive defense based on firewalls has proved increasingly inadequate, and active protection technologies based on intrusion detection have emerged. Intrusion detection based on immune mechanisms is a new direction in this development and provides a more proactive security mechanism. However, traditional immune algorithms based on distinguishing "self" from "non-self" are prone to false identification because of the sharp demarcation between the two, and recognizing non-self in real time degrades the computer's performance.

The emergence of danger theory offered some inspiration for solving these problems. Danger theory holds that the immune system only needs to identify and respond to harmful antigens in the danger zone where danger signals appear, and does not need to match and respond to all non-self antigens; this greatly reduces the amount of computation spent on matching and response and makes the approach more practical. In addition, danger theory recognizes only danger, without distinguishing between "self" and "non-self", so antibodies do not have to go through a complicated maturation and mutation process when they are generated. Changes in "self" have less influence than in the traditional immune model based on the negative selection algorithm. Immune danger theory is therefore inherently highly tolerant and adaptive, with a strong capacity for self-regulation. The key problem that danger theory must solve when applied to intrusion detection is how to perceive danger.

In the human immune system, dendritic cells, a kind of dedicated antigen-presenting cell, are regarded as the detectives of the immune system; they reside in human tissue and are very sensitive to signs of damage. They collect not only the evidence of danger signals but also potential invading molecules that exist in the form of proteins, and process both. Eventually they present the intruding antigen to the immune system and instruct it to make the appropriate response. J. Greensmith, U. Aickelin, et al. abstracted the biological function of dendritic cells, implemented an immune algorithm based on danger theory, the Dendritic Cell Algorithm (DCA), and built an intrusion detection system based on it. This paper studies the DCA, introduces the abstraction process and mathematical implementation of the algorithm, and presents a novel algorithm, the small set of parameters Dendritic Cell Algorithm (sspDCA), to address the problems of the DCA. The sspDCA reduces the number of parameters of the DCA and defines a new anomaly metric and anomaly threshold. Without affecting algorithm performance, sspDCA not only reduces computational cost but is also sensitive to changes in the data.
Keywords/Search Tags:network security, intrusion detection, immune mechanism, danger theory, DCA