Research Of Immune Theory Application In Distributed Intrusion Detection System

Posted on: 2011-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: X Yao
GTID: 2178330332965622
Subject: Computer software and theory

Abstract/Summary:
As networks grow in size, their structure becomes increasingly complex, and existing intrusion detection systems can hardly meet the security needs of large-scale distributed networks. The immune system exhibits distributed protection, self-adaptability, robustness, scalability, and memory capacity in its information processing, and can therefore better meet the needs of network development. Research on applying immune principles to intrusion detection is therefore essential.

The thesis proposes an intrusion detection system architecture based on the principles of the biological immune system, and designs and implements the corresponding immune algorithms. Analysis of the experimental results shows that the algorithms can effectively detect abnormal data.

The architecture is composed of four components: the IDS host (HIDS), the IDS central server, the IDS district servers, and the IDS root server. Each is located at a different layer and plays a different role. To simplify the detection process and improve the efficiency of the HIDS, both misuse detection and anomaly detection are used, and real network environments are fully considered. The whole detection procedure includes three stages: negative selection, clone selection, and r-bit consecutive matching. To reduce the number of inevitable "black holes", the r-bit variable matching algorithm is adopted. An approach that trains on the data set faster is also used to decrease the training time.

The MIT Lincoln Laboratory KDDCup99 data set is used as the experimental data. Experimental results show that training time is greatly reduced and that the number of "black holes" is also decreased by the use of r-bit variable matching.
Keywords/Search Tags:immune algorithm, intrusion detection, negative selection, clone selection, r-bit consecutive match
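
The negative selection stage and the "black hole" problem named in the abstract can be seen in the following added example, which is not code from the thesis: it runs textbook negative selection with fixed r-contiguous-bit matching (not the thesis's r-bit variable matching) exhaustively over 4-bit strings and lists the non-self strings that no surviving detector can match. The self set and all function names are constructed for illustration.

```python
from itertools import product


def r_contiguous_match(a: str, b: str, r: int) -> bool:
    """True if a and b agree on at least r consecutive bit positions."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))


def all_strings(length: int) -> set:
    """Every binary string of the given length."""
    return {"".join(bits) for bits in product("01", repeat=length)}


def negative_selection(self_set: set, length: int, r: int) -> set:
    """Censoring step: keep each candidate detector that matches no self string.

    Exhaustive rather than random generation, so the result is the complete
    set of detectors that negative selection could ever produce."""
    return {d for d in all_strings(length)
            if not any(r_contiguous_match(d, s, r) for s in self_set)}


def find_holes(self_set: set, length: int, r: int) -> set:
    """Non-self strings that no valid detector matches (undetectable anomalies)."""
    detectors = negative_selection(self_set, length, r)
    non_self = all_strings(length) - set(self_set)
    return {x for x in non_self
            if not any(r_contiguous_match(d, x, r) for d in detectors)}


# Constructed sample: two 4-bit "normal" patterns.
SELF = {"0110", "1111"}

if __name__ == "__main__":
    for r in (2, 3, 4):
        detectors = negative_selection(SELF, 4, r)
        holes = find_holes(SELF, 4, r)
        print(f"r={r}: {len(detectors)} detectors, holes={sorted(holes)}")
```

With this self set, "0111" and "1110" are holes for r=3 because each of their 3-bit windows also occurs at the same position in a self string, so any detector that matches them is censored. With r=4 (exact match) every non-self string is its own detector and no holes remain, at the cost of detectors that no longer generalise.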