
Research On Intrusion Detection Technology Based On Danger Theory

Posted on: 2011-06-08
Degree: Master
Type: Thesis
Country: China
Candidate: C B Cui
GTID: 2178330332971043
Subject: Computer system architecture
Abstract/Summary:
In recent years, computer network technology has developed rapidly, and network security problems have become increasingly acute. As an important part of an information security system, the intrusion detection system (IDS) has become a hotspot in the field of information security. The immune system and intrusion detection systems operate on similar principles, and the way the immune system protects an organism from harm provides new ideas for IDS research. Using artificial immunity to remedy the shortcomings of existing IDSs has become a cutting-edge topic in the field of information security.

An IDS based on traditional immunology is built on the self/non-self model. In this model, non-self is treated as intrusion, which requires the system to hold a complete collection of self. However, behavior changes in a real environment, and the uncertain boundary between self and non-self makes establishing the collection of self very difficult. Danger Theory removes this shortcoming of traditional immunology: under Danger Theory, the immune system does not distinguish self from non-self, but it can identify danger in the organism.

First, this paper describes the principle of Danger Theory and proposes an IDS model based on it. A module that monitors system state is added to the model, so that the system monitors not only danger in the network data but also the state of the host, which makes the definition of danger more complete. Second, a danger signal detection and danger area division algorithm is proposed that combines Danger Theory with a clustering algorithm. After clustering the data, the algorithm detects danger signals by identifying the relation between the data and the data clusters, and builds the danger area according to the relations between signals. Finally, the IDS model proposed in this paper is compared experimentally with a model based on traditional immunology. The experimental data show that the new algorithm not only fully embodies the advantages of Danger Theory but also has good efficiency and self-adaptability.
Keywords/Search Tags: intrusion detection, artificial immunology, danger theory, danger signal