Intrusion Detection System Based On Negative Selection Algorithm

With the progress of the society and the science, the age of global networking is dawning. Because of the popularization of computer and network, the whole society is faced with serious network security problems. Now, passive defense techniques (such as firewall, etc.) can not come up to the requires of network security. As a kind of more positive security technology, intrusion detection system can solve the problems which are not settled with passive defense techniques. Much more emphasis had been placed on intrusion detection system.Analysis show that the immune system has many unique characteristics, and intrusion detection system is similar to immune system in a high degree, so many principles and mechanisms of immune system can apply into intrusion detection system. Intrusion detection system based on immune technology has caused wide public concern over the recent years because of its unparalleled advantage. Generation of detectors in intrusion detection system is the core issue. On the basis of traditional negative selection algorithm, a kind of double matching rule is proposed in this paper, then a new model of intrusion detection system is established. All the work in this paper is to improve the detection rate and keep a low false negative and false positive.Firstly, the concepts,classification and current problems of intrusion detection system are introduced in this paper; Then some related principles and mechanisms of immune system are elaborated. According to the comparison of immune system and intrusion detection system, intrusion detection system based on immune technology is put forward, after that, the commonly used algorithms and research status are proposed.The generation of mature detectors depends on the matching rules used in negative selection algorithm. Nowadays, the commonly used matching rules in negative selection algorithm are oversimplified, as a result, too many detectors would be generated, and the false alarm always stay stubbornly high. In this article, an improved negative selection algorithm using double matching rule is proposed:using Hamming distance matching rule first, then the remaining candidate detectors go through the improved r-chunks matching rule.A new model of intrusion detection system based on the improved negative selection algorithm is established. In the detailed design, generation and evolution of detectors, the process of detection are given finally. With these mechanisms, the adaptability of the system is improved and the false negative and false positive is decreased.KDD'99 classic data set is used as the experimental data, after data encoding and pretreatment, simulation experiment is carried out. Experiment result shows that the improved negative selection is not time consuming, in addition, it brings a small number and more efficient detectors. The detection rate of the new model is higher than the traditional model, so this model is feasible.